Backport #8582
closed
- Category set to ext/openssl
- Assignee set to MartinBosslet (Martin Bosslet)
- Target version set to 2.1.0
Would be great if this is released in the next 2.0.0 patch level.
- Status changed from Open to Closed
Implicitly resolved by r41805 from #8575.
- Tracker changed from Misc to Backport
- Project changed from Ruby master to Backport200
- Category deleted (ext/openssl)
- Status changed from Closed to Assigned
- Assignee changed from MartinBosslet (Martin Bosslet) to nagachika (Tomoyuki Chikanaga)
- Target version deleted (2.1.0)
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r41812.
Santiago, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
merge revision(s) 41805: [Backport #8575] [Backport #8582]
* lib/openssl/ssl.rb: Fix SSL client connection crash for SAN marked
critical.
The patch for CVE-2013-4073 caused an SSL crash when an SSL server returns
a certificate that has a critical SAN value. An X509 extension could
include 2 or 3 elements in it:
[id, criticality, octet_string] if critical,
[id, octet_string] if not.
Making sure to pick the last element of the X509 extension and use it as
the SAN value.
[ruby-core:55685] [Bug #8575]
Thank you @nahi for providing the patch!
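The two extension shapes described in the commit message above, as an added example that is not part of the original issue or of Ruby's own code. The helper names and the sample SAN value (`example.test`, `192.0.2.10`) are assumptions made for illustration.

```ruby
require "openssl"
require "ipaddr"

# Constructed sample SAN value; the name and address are placeholders.
SAN_VALUE = "DNS:example.test,IP:192.0.2.10"

# Hypothetical helper: build a subjectAltName extension, critical or not.
def build_san(critical)
  OpenSSL::X509::ExtensionFactory.new
    .create_extension("subjectAltName", SAN_VALUE, critical)
end

# Positional destructuring that assumes [id, octet_string]. For a critical
# extension the second element is the BOOLEAN, not the OCTET STRING.
def second_element(ext)
  _id, second = OpenSSL::ASN1.decode(ext.to_der).value
  second
end

# Take the last element, which is the OCTET STRING in both shapes,
# then decode the GeneralNames sequence wrapped inside it.
def san_entries(ext)
  ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
  unless ostr.is_a?(OpenSSL::ASN1::OctetString)
    raise ArgumentError, "last extension element is not an OCTET STRING"
  end
  OpenSSL::ASN1.decode(ostr.value).value.map do |general_name|
    case general_name.tag
    when 2 then [:dns, general_name.value]                       # dNSName
    when 7 then [:ip, IPAddr.new_ntoh(general_name.value).to_s]  # iPAddress
    else [:other, general_name.tag]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |critical|
    ext = build_san(critical)
    puts "critical=#{critical}: " \
         "#{OpenSSL::ASN1.decode(ext.to_der).value.size} elements, " \
         "second is #{second_element(ext).class}, " \
         "SAN=#{san_entries(ext).inspect}"
  end
end
```

A hostname check that reads the second element positionally gets a BOOLEAN for a critical SAN, while reading the last element yields the same names in both cases.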