oss-sec mailing list archives
Re: Re: CVE request: irssi 0.8.15
From: Jamie Strandboge <jamie () canonical com>
Date: Sat, 17 Apr 2010 16:37:59 -0500
FYI, I backported the following svn commits to 0.8.14 for the SSL issue: r5104: Check if an SSL certificate matches the hostname of the server we are connecting to r5107: Use one SSL_CTX per connection, use default trusted CAs if nothing specified. This allows useful use of -ssl_verify without -ssl_cafile/-ssl_capath, using OpenSSL's default trusted CAs. r5108: Call OpenSSL_add_all_algorithms(), may be needed to verify SHA256 certs with certain versions of OpenSSL. r5116: network-openssl: Show why a certificate failed validation. r5136 Do not use SSLv2 protocol. From Bazerka. However, after rolling it out Steve Langasek discovered a bug when connecting to an SSL irc proxy server[1]. His patch (attached) adjusts it so when we have a proxy setting, expect the CN to match the proxy hostname, not the server hostname [1] https://bugs.launchpad.net/ubuntu/+source/irssi/+bug/565182 -- Jamie Strandboge | http://www.canonical.com
Attachment:
irssi-565182.diff
Description:
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request: irssi 0.8.15 Tobias Heinlein (Apr 11)
- <Possible follow-ups>
- Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 12)
- Re: CVE request: irssi 0.8.15 Steven M. Christey (Apr 12)
- Re: CVE request: irssi 0.8.15 Josh Bressers (Apr 13)
- Re: CVE request: irssi 0.8.15 Tomas Hoger (Apr 13)
- Re: CVE request: irssi 0.8.15 Steven M. Christey (Apr 12)
- Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 13)
- Re: Re: CVE request: irssi 0.8.15 Jamie Strandboge (Apr 17)
- Re: Re: CVE request: irssi 0.8.15 Wouter Coekaerts (Apr 26)
- Re: Re: CVE request: irssi 0.8.15 Steve Langasek (Apr 27)
- Re: Re: CVE request: irssi 0.8.15 Jamie Strandboge (Apr 17)