Fail early in legacy exporter if master secret is not available - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2021-02-03 15:14:44 +0000
committer	tb <tb@openbsd.org>	2021-02-03 15:14:44 +0000
commit	9ae62f4dfb39031110048c25e86bfecb964d3b9a (patch)
tree	b754af9b4fe8f46796e87fdb07213cff914e7091 /share/man/man5
parent	unbreak getline() conversion in disklabel (diff)
download	wireguard-openbsd-9ae62f4dfb39031110048c25e86bfecb964d3b9a.tar.xz wireguard-openbsd-9ae62f4dfb39031110048c25e86bfecb964d3b9a.zip

Fail early in legacy exporter if master secret is not available

The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) or that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing

Diffstat (limited to 'share/man/man5')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: