Avoid transcript initialisation when sending a TLS HelloRequest.
author jsing <jsing@openbsd.org>
Mon, 29 Mar 2021 16:56:20 +0000 (16:56 +0000)
committer jsing <jsing@openbsd.org>
Mon, 29 Mar 2021 16:56:20 +0000 (16:56 +0000)
commit 5c4127adeea384f7e8f31247856a5d2af9902964
tree 83e9a128355a4f342fef12de0049a0185bd7a846
parent 268dad53d6e6176ac2f0893130b94dd69e18f3ef
Avoid transcript initialisation when sending a TLS HelloRequest.

When server side renegotiation is triggered, the TLSv1.2 state machine
sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case
we do not need the transcript and currently hit the sanity check in ST_OK
that ensures the transcript has been freed, breaking server initiated
renegotiation. We do however need the transcript in the DTLS case.

ok tb@
lib/libssl/ssl_srvr.c