Invalid SSL Certificates are sent
Bug #710100 reported by
Quicksilver
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StrongDC++ |
New
|
Undecided
|
Unassigned | ||
Bug Description
StrongDC++ 2.42 has included the DC++ 0.78 bug (fixed in 0.781) to send invalid SSL certificates in encrypted connections.
StrongDC++ sends 0-byte long integers in its cert which is not allowed.
This makes connections with clients that respect integrity of SSL impossible. OpenSSL itself seems coded very lenient to allow for this, but connections with clients not using OpenSSL should fail.
To post a comment you must log in.
