mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-28 15:17:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e0c6f80403
mbedtls/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
Elena Uziunaite e0c6f80403 Tiny fix in ChangeLog 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-22 09:00:57 +01:00

12 lines
696 B
Plaintext
Raw Blame History

Security
* With TLS 1.3, when a server enables optional authentication of the
client, if the client-provided certificate does not have appropriate values
in keyUsage or extKeyUsage extensions, then the return value of
mbedtls_ssl_get_verify_result() would incorrectly have the
MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
clear. As a result, an attacker that had a certificate valid for uses other
than TLS client authentication could be able to use it for TLS client
authentication anyway. Only TLS 1.3 servers were affected, and only with
optional authentication (required would abort the handshake with a fatal
alert).
Reference in New Issue View Git Blame Copy Permalink