Severity: MEDIUM 5.3

RUSTSEC-2022-0027

`OCSP_basic_verify` may incorrectly verify the response signing certificate

Details

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. When the (non-default) flag `OCSP_NOCHECKS` is used, the function returns a positive value (indicating successful verification) even when the response signing certificate fails to verify.

It is anticipated that most users of `OCSP_basic_verify` will not use the `OCSP_NOCHECKS` flag. In that case, `OCSP_basic_verify` returns a negative value (indicating a fatal error) when certificate verification fails, whereas the normally expected return value for a verification failure is 0.


Affected packages

crates.io / openssl-src
First affected version: 300.0.0; fixed in version: 300.0.6

Upgrade openssl-src to 300.0.6 or newer (ecosystem crates.io).
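To check whether a build pulls in an affected openssl-src, the following added example (not part of the advisory or of any project's own tooling) scans a Cargo.lock for `openssl-src` entries inside the range the advisory gives, >= 300.0.0 and < 300.0.6; the Cargo.lock text it reads is constructed sample input, and the build-metadata suffix openssl-src appends after `+` is ignored for the comparison.

```python
import re

ADVISORY = "RUSTSEC-2022-0027"
PACKAGE = "openssl-src"
FIRST_AFFECTED = (300, 0, 0)   # from the advisory
FIXED = (300, 0, 6)            # from the advisory; this version and newer are fine

# Constructed sample Cargo.lock: one affected and one fixed openssl-src entry.
SAMPLE_CARGO_LOCK = """\
[[package]]
name = "openssl-src"
version = "300.0.5+3.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "openssl-sys"
version = "0.9.73"

[[package]]
name = "openssl-src"
version = "300.0.6+3.0.4"
"""


def parse_version(version: str) -> tuple:
    """Turn '300.0.5+3.0.3' into (300, 0, 5); metadata after '+' is dropped."""
    parts = version.split("+", 1)[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(p) for p in parts)


def lock_versions(lock_text: str, name: str) -> list:
    """Return every version of crate `name` recorded in the lock file text."""
    versions = []
    for block in lock_text.split("[[package]]"):
        m_name = re.search(r'^name = "([^"]+)"', block, re.M)
        m_ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if m_name and m_ver and m_name.group(1) == name:
            versions.append(m_ver.group(1))
    return versions


def is_affected(version: str) -> bool:
    """True when the version falls in [FIRST_AFFECTED, FIXED)."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED


def affected_versions(lock_text: str) -> list:
    """All openssl-src versions in the lock file that the advisory covers."""
    return [v for v in lock_versions(lock_text, PACKAGE) if is_affected(v)]


if __name__ == "__main__":
    for v in affected_versions(SAMPLE_CARGO_LOCK):
        print(f"{ADVISORY}: {PACKAGE} {v} is affected; upgrade to 300.0.6 or newer")
```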

References