diff options
| author |   tb <tb@openbsd.org> | 2020-02-23 17:51:36 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2020-02-23 17:51:36 +0000 |
| commit | 94f24495a41ba11f6feaf07885bf61be1aaad417 (patch) | |
| tree | 63edb798fbafa9e2e196d56a659cb148b2b9b19a /lib/libssl/tls13_server.c | |
| parent | regen (diff) | |
| download | wireguard-openbsd-94f24495a41ba11f6feaf07885bf61be1aaad417.tar.xz wireguard-openbsd-94f24495a41ba11f6feaf07885bf61be1aaad417.zip | |
According to RFC 8446, Section 4.4.4, recipients of incorrect Finished
messages must terminate the connection with a decrypt_error alert, so
replace the use of the deprecated decryption_failed alert accordingly.
ok beck inoguchi jsing
Diffstat (limited to 'lib/libssl/tls13_server.c')
| -rw-r--r-- | lib/libssl/tls13_server.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index bb06b0f3989..eb865bcfb1a 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.25 2020/02/18 16:12:14 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.26 2020/02/23 17:51:36 tb Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -893,7 +893,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { - ctx->alert = TLS1_AD_DECRYPTION_FAILED; + ctx->alert = TLS1_AD_DECRYPT_ERROR; goto err; } |