Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

CVE 2020-5902 Point Release with VS Client Authentication

OTS02
Cirrus
Cirrus

‎22-Jul-2020 12:18

Just upgraded LTMs from version 12.1.3.0.0.378 to 12.1.5.2 Build 0.0.10 Point Release 2.

Have VSs that request Client Authentication, and an iRule that loops through the client certs, and scrutinizes the certificates.

The Point Release delivers the client certificates in a different format than version 12.1.3.0.0. This caused the iRule to reject the certificates.

So if you have a VS that request and examines client certificates, and are going to install a version that fixes CVE 2020-5902, please be aware that you may have to edit you iRule to look for a slightly different format.

0 Kudos
2 REPLIES 2

jaikumar_f5
MVP
MVP

‎23-Jul-2020 02:32

Yes I've encountered this too. I had to change the Irule in my case.

 

K14204621: The X509::subject iRules command now returns the subject of the specified X509 certificat...

 

0 Kudos

OTS02
Cirrus
Cirrus

‎23-Jul-2020 09:30

Thank you jaikumar_f5 for article K14204621.

Copyright © 2023 Khoros, LLC