[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 134/156: Fix incorrect handling of NSSVerifyClient in directory context

Wed Jul 2 13:55:36 UTC 2014

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit ff7637163c2677d1bff87583574c2378736de4e1
Author: Rob Crittenden <rcritten at redhat.com>
Date:   Thu Feb 20 16:51:17 2014 -0500

    Fix incorrect handling of NSSVerifyClient in directory context
    
    CVE-2013-4566
    
    Resolves #1037722
---
 nss_engine_kernel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 1f37d45..b343382 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -280,7 +280,7 @@ int nss_hook_Access(request_rec *r)
 
         if (verify == SSL_CVERIFY_REQUIRE) {
             SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-            SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR);
+            SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS);
         } else if (verify == SSL_CVERIFY_OPTIONAL) {
             SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE);
             SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git

