diff options
author | Matt Caswell <matt@openssl.org> | 2018-08-07 12:40:08 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-08 10:16:58 +0100 |
commit | de9e884b2f43c59834c2b1c3cfde35fa2c797f2b (patch) | |
tree | 6e696fc5f4b219da631d844d68cd9a392e966099 /ssl/statem/statem_lib.c | |
parent | 7426cd343d99d3d82e3fb06c8df18e5cc6bcec75 (diff) |
Tolerate encrypted or plaintext alerts
At certain points in the handshake we could receive either a plaintext or
an encrypted alert from the client. We should tolerate both where
appropriate.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6887)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index caed61aaac..8a7d178a51 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -747,6 +747,12 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) /* This is a real handshake so make sure we clean it up at the end */ if (s->server) { + /* + * To get this far we must have read encrypted data from the client. We + * no longer tolerate unencrypted alerts. This value is ignored if less + * than TLSv1.3 + */ + s->statem.enc_read_state = ENC_READ_STATE_VALID; if (s->post_handshake_auth != SSL_PHA_REQUESTED) s->statem.cleanuphand = 1; if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { |