diff options
author | Rob Crittenden <rcritten@redhat.com> | 2014-02-20 16:51:17 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-21 14:20:19 -0500 |
commit | ff7637163c2677d1bff87583574c2378736de4e1 (patch) | |
tree | 365441b3477b382dc280580bf4e7d1d44f922c2f | |
parent | 84672b92cbe66b618420510b90de332b7efc4e98 (diff) | |
download | mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.gz mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.tar.xz mod_nss-ff7637163c2677d1bff87583574c2378736de4e1.zip |
Fix incorrect handling of NSSVerifyClient in directory context
CVE-2013-4566
Resolves #1037722
-rw-r--r-- | nss_engine_kernel.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c index 1f37d45..b343382 100644 --- a/nss_engine_kernel.c +++ b/nss_engine_kernel.c @@ -280,7 +280,7 @@ int nss_hook_Access(request_rec *r) if (verify == SSL_CVERIFY_REQUIRE) { SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE); - SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR); + SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS); } else if (verify == SSL_CVERIFY_OPTIONAL) { SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_TRUE); SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER); |