SSL certificate checking bypass in openssl

2009-01-23T16:31:52
ID SUSE-SA:2009:006
Type suse
Reporter Suse
Modified 2009-01-23T16:31:52

Description

The EVP_VerifyFinal routine used in OpenSSL certificate checking can return negative values as well as 0 on failure. In some places negative values were not checked and were therefore treated as a successful verification. Prior to this update it was possible to bypass the certificate chain checks of OpenSSL.

Solution

There is no known workaround; please install the update packages.