Fix incorrect handling of NSSVerifyClient in directory context

CVE-2013-4566 Resolves #1037722
author: Rob Crittenden <rcritten@redhat.com> 2014-02-20 16:51:17 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2014-02-21 14:20:19 -0500
commit: ff7637163c2677d1bff87583574c2378736de4e1 (patch)
tree: 365441b3477b382dc280580bf4e7d1d44f922c2f
parent: 84672b92cbe66b618420510b90de332b7efc4e98 (diff)
download: mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.gz
mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.xz
mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 1f37d45..b343382 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -280,7 +280,7 @@ int nss_hook_Access(request_rec *r)
 
         if (verify == SSL_CVERIFY_REQUIRE) {
             SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-            SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR);
+            SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS);
         } else if (verify == SSL_CVERIFY_OPTIONAL) {
             SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE);
             SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER);
author	Rob Crittenden <rcritten@redhat.com>	2014-02-20 16:51:17 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2014-02-21 14:20:19 -0500
commit	ff7637163c2677d1bff87583574c2378736de4e1 (patch)
tree	365441b3477b382dc280580bf4e7d1d44f922c2f
parent	84672b92cbe66b618420510b90de332b7efc4e98 (diff)
download	mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.gz mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.xz mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.zip