diff options
| author |   tb <tb@openbsd.org> | 2020-08-31 14:04:51 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2020-08-31 14:04:51 +0000 |
| commit | 9a3f7535fd75ed526727ea8e8539a7d862d8a5ad (patch) | |
| tree | 8271c6ea1906c3d1c740b812d4774f97937491e0 /lib/libssl/ssl_srvr.c | |
| parent | Backout clear endpoint stall on open(2). It seems to break an illuminated (diff) | |
| download | wireguard-openbsd-9a3f7535fd75ed526727ea8e8539a7d862d8a5ad.tar.xz wireguard-openbsd-9a3f7535fd75ed526727ea8e8539a7d862d8a5ad.zip | |
Send alert on ssl_get_prev_session failure
ssl_get_prev_session() can fail for various reasons some of which
may be internal_error others decode_error alerts. Propagate the
appropriate alert up to the caller so we can abort the handshake
by sending a fatal alert instead of rudely closing the pipe.
Currently only 28 of 292 test cases of tlsfuzzer's test-extension.py pass.
With this diff, 272 pass. The rest will require fixes elsewhere.
ok beck inoguchi jsing
Diffstat (limited to 'lib/libssl/ssl_srvr.c')
| -rw-r--r-- | lib/libssl/ssl_srvr.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 67671f276cd..745b15aad05 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.80 2020/07/03 04:12:50 tb Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.81 2020/08/31 14:04:51 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -920,11 +920,11 @@ ssl3_get_client_hello(SSL *s) CBS_dup(&cbs, &ext_block); - i = ssl_get_prev_session(s, &session_id, &ext_block); + i = ssl_get_prev_session(s, &session_id, &ext_block, &al); if (i == 1) { /* previous session */ s->internal->hit = 1; } else if (i == -1) - goto err; + goto f_err; else { /* i == 0 */ if (!ssl_get_new_session(s, 1)) |