CVE-2017-8301

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSLgetverifyresult is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx...

CVE-2017-8301

CVE-2017-8301 affects LibreSSL 2.5.1–2.5.3 and describes a TLS certificate verification weakness that can occur when relying on SSL_get_verify_result for a later check and a user-provided verification callback returns 1, demonstrated by nginx accepting invalid certificates. The core issue is insu...