SSL certificate checking bypass in openssl

ID SUSE-SA:2009:006
Type suse
Reporter Suse
Modified 2009-01-23T16:31:52


The OpenSSL certificate checking routine EVP_VerifyFinal can return 0 or a negative value on failure. In some places negative return values were not checked and were treated as successful verification. Prior to this update it was therefore possible to bypass the certificate chain checks of OpenSSL.
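
The caller pattern described above next to the corrected check, as an added example that is not part of the SUSE advisory or of OpenSSL's code. `verify_final_stub` is a hypothetical stand-in that follows EVP_VerifyFinal's documented return contract (1 valid, 0 invalid, negative on other errors), and the byte arrays are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample "signatures"; not real signature data. */
static const unsigned char GOOD[]      = {0x30, 0x03, 0x01, 0x02, 0x03};
static const unsigned char WRONG[]     = {0x30, 0x03, 0x09, 0x09, 0x09};
static const unsigned char MALFORMED[] = {0xff, 0x03, 0x01, 0x02, 0x03};

/* Hypothetical stand-in for EVP_VerifyFinal (assumption, not OpenSSL code).
 * Return contract: 1 = valid, 0 = invalid signature, negative = other error.
 * Constructed rule: input that does not start with 0x30 cannot be parsed. */
static int verify_final_stub(const unsigned char *sig, size_t len)
{
    if (sig == NULL || len == 0 || sig[0] != 0x30)
        return -1;                      /* error path, not "bad signature" */
    if (len != sizeof GOOD || memcmp(sig, GOOD, len) != 0)
        return 0;                       /* well-formed but does not match */
    return 1;
}

/* Flawed pattern: only 0 is treated as failure, so a negative return
 * falls through and the signature is accepted. */
static int check_flawed(const unsigned char *sig, size_t len)
{
    if (!verify_final_stub(sig, len))
        return 0;                       /* rejected */
    return 1;                           /* accepted, also when rc == -1 */
}

/* Corrected pattern: accept only when the return value is exactly 1. */
static int check_fixed(const unsigned char *sig, size_t len)
{
    return verify_final_stub(sig, len) == 1;
}

int main(void)
{
    const struct { const char *name; const unsigned char *p; size_t n; } t[] = {
        {"good", GOOD, sizeof GOOD},
        {"wrong", WRONG, sizeof WRONG},
        {"malformed", MALFORMED, sizeof MALFORMED},
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-9s rc=%2d flawed=%d fixed=%d\n", t[i].name,
               verify_final_stub(t[i].p, t[i].n),
               check_flawed(t[i].p, t[i].n), check_fixed(t[i].p, t[i].n));
    return 0;
}
```

When auditing callers, any test of the form `if (!rc)` or `if (rc)` on this return value has the same problem; the comparison has to be against 1.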


There is no known workaround; please install the update packages.