Avoid transcript initialisation when sending a TLS HelloRequest. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2021-03-29 16:56:20 +0000
committer	jsing <jsing@openbsd.org>	2021-03-29 16:56:20 +0000
commit	5c4127adeea384f7e8f31247856a5d2af9902964 (patch)
tree	83e9a128355a4f342fef12de0049a0185bd7a846 /lib/libssl/ssl_lib.c
parent	Move finished and peer finished to the handshake struct. (diff)
download	wireguard-openbsd-5c4127adeea384f7e8f31247856a5d2af9902964.tar.xz wireguard-openbsd-5c4127adeea384f7e8f31247856a5d2af9902964.zip

Avoid transcript initialisation when sending a TLS HelloRequest.

When server side renegotiation is triggered, the TLSv1.2 state machine sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case we do not need the transcript and currently hit the sanity check in ST_OK that ensures the transcript has been freed, breaking server initiated renegotiation. We do however need the transcript in the DTLS case. ok tb@

Diffstat (limited to 'lib/libssl/ssl_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: