Update info about OCSP responder vulnerability [ci skip]
randombit committed May 12, 2024
1 parent 6bc081f commit efc4d24
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions doc/security.rst
Expand Up @@ -41,7 +41,7 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
2022
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* 2022-11-16: Failure to correctly check OCSP responder embedded certificate
* 2022-11-16 (CVE-2022-43705): Failure to correctly check OCSP responder embedded certificate

OCSP responses for some end entity are either signed by the issuing CA certificate of
the PKI, or an OCSP responder certificate that the PKI authorized to sign responses in
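
Review bot: The CVE id added to the 2022-11-16 heading (CVE-2022-43705) is the substance of this hunk, but the commit subject only says "Update info about OCSP responder vulnerability", so a search of the history for the CVE number will not find this change. Suggest putting the id in the subject or body of the commit message. Minor style point on the same line: with the id inserted, the bullet title is now longer than the wrapped body lines beneath it, so consider wrapping it onto a continuation line to match.
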
Expand All @@ -60,7 +60,7 @@ https://keybase.io/jacklloyd and on most PGP keyservers.
could exploit this to impersonate a legitimate TLS server using a compromised
certificate of that host and get around the revocation check using OCSP stapling.

Introduced in 1.11.34, fixed in 2.19.3
Introduced in 1.11.34, fixed in 2.19.3 and 3.0.0

2020
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
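
Review bot: On the "Introduced in 1.11.34, fixed in 2.19.3 and 3.0.0" line, the new wording does not tell a reader whether any 3.x release ever shipped with the flaw or whether 3.0.0 is simply the first release on that branch and already carries the fix. Someone triaging a 3.x deployment has to work that out elsewhere. Suggest stating the affected range explicitly on this line, or adding a short clause saying which of the two cases applies to 3.0.0.
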