author | 2020-01-22 05:06:23 +0000 | |
---|---|---|
committer | 2020-01-22 05:06:23 +0000 | |
commit | 138e3c44917861170a76677532999de39025dd0c (patch) | |
tree | 3ae103bcaed44ad139c7ab878bdabf167f8e3467 /lib/libssl/tls13_client.c | |
parent | rm rtfps driver. disabled and man page doesn't inspire much confidence. (diff) | |
After the ClientHello has been sent or received and before the peer's
Finished message has been received, a change cipher spec may be received
and must be ignored. Add a flag to the record layer struct and set it at
the appropriate moments during the handshake so that we will ignore it.
ok jsing
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r-- | lib/libssl/tls13_client.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index ef4c3de75f4..b42167a58a1 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.26 2020/01/22 05:06:23 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -223,6 +223,7 @@ int tls13_client_hello_sent(struct tls13_ctx *ctx) { tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); + tls13_record_layer_allow_ccs(ctx->rl, 1); return 1; } @@ -750,6 +751,8 @@ tls13_server_finished_recv(struct tls13_ctx *ctx) &secrets->server_application_traffic)) goto err; + tls13_record_layer_allow_ccs(ctx->rl, 0); + ret = 1; err: |
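Review bot: In tls13_client_hello_sent() the new `tls13_record_layer_allow_ccs(ctx->rl, 1);` call carries no comment saying why a change cipher spec is tolerated from this point on. A one-line comment pointing at the RFC 8446 section 5 rule (an unencrypted change_cipher_spec received between the ClientHello and the peer's Finished is dropped) would make the intent clear next to the `tls13_record_layer_set_legacy_version()` call. The record layer side is outside this diffstat, so please confirm there that only the single-byte 0x01 CCS record is dropped while the flag is set and that the number of ignored records is bounded, so a peer cannot hold the handshake open with a stream of them.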
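Review bot: In tls13_server_finished_recv() the flag is cleared only on the success path, immediately before `ret = 1;`, so every earlier `goto err` (including the one visible just above the new call) returns with CCS still allowed. That is fine if the connection is always torn down on error, but it is worth confirming; otherwise consider calling `tls13_record_layer_allow_ccs(ctx->rl, 0);` as soon as the server Finished has been verified, so the flag cannot outlive the window described in the commit message on any path.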