Stunnel accepts blocked certificates
An update for the stunnel SSL wrapper has been issued to close a hole in its handling of X.509 certificates. Due to an error in a function that uses the Online Certificate Status Protocol (OCSP) to check the validity of certificates, an attacker can log in successfully using an already blocked certificate. The developers recommend that users of the OCSP function upgrade to stunnel version 4.24 as soon as possible.
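A check an administrator could run after reading this notice, as an added example that is not from the article or the stunnel project: it flags a configuration that sets the `OCSP` option while the installed version is older than 4.24. The sample configuration and responder URL are constructed, and the version string is supplied by the caller.

```shell
#!/bin/sh
# Added example: flag stunnel setups that rely on OCSP and predate the fix.
FIXED_VERSION="4.24"   # fixed release named in the article

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing fields count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal versions are not older
    }'
}

# conf_uses_ocsp FILE: succeed when FILE has an active "OCSP = ..." line.
# The anchored pattern skips commented-out lines and other OCSP* options.
conf_uses_ocsp() {
    grep -Eiq '^[[:space:]]*OCSP[[:space:]]*=' "$1"
}

# stunnel_ocsp_affected VERSION FILE: succeed when both conditions hold.
stunnel_ocsp_affected() {
    version_lt "$1" "$FIXED_VERSION" && conf_uses_ocsp "$2"
}

# Constructed sample configuration (placeholder paths and responder URL).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
; constructed stunnel.conf fragment
[imaps]
accept = 993
connect = 143
verify = 2
OCSP = http://ocsp.example.test/
EOF

for v in 4.23 4.24; do
    if stunnel_ocsp_affected "$v" "$SAMPLE_CONF"; then
        echo "stunnel $v with OCSP enabled: upgrade to $FIXED_VERSION or later"
    else
        echo "stunnel $v: not flagged"
    fi
done
rm -f "$SAMPLE_CONF"
```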
See also:
- stunnel 4.24 released, notification on the stunnel mailing list
(mba)