[strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185

Tobias Brunner tobias at strongswan.org
Tue Aug 22 10:10:52 CEST 2017


Hi Karthik,

> (/almost/ because rare case of openssl can't verify signature and so gmp
> takes over)

Actually, it's not the verifying that will fall back to a different
implementation, but the parsing of the public key.  Once it is
successfully parsed by an implementation that implementation will be
used to verify signatures for this key.

Regards,
Tobias


More information about the Users mailing list