[ANNOUNCE] mod_ssl 2.8.24-1.3.33

A subtle security bug (CAN-2005-2700) was discovered in mod_ssl where
where "SSLVerifyClient require" was not enforced in per-location context
if "SSLVerifyClient optional" was configured in the global virtual
host configuration. This bug is now fixed in mod_ssl 2.8.24 for Apache
1.3.33. Get it from:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Ralf S. Engelschall
rse [at] engelschall.com
www.engelschall.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
rse [ Fr, 02 September 2005 23:05 ] [ ID #950345 ]
Webserver » gmane.comp.apache.mod-ssl.user » [ANNOUNCE] mod_ssl 2.8.24-1.3.33

Vorheriges Thema: client certificates won't verify under Apache
Nächstes Thema: Re: Why?! BackSex.mpeg

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum