Fail early in legacy exporter if master secret is not available - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-02-03 15:14:44 +0000
committer	tb <>	2021-02-03 15:14:44 +0000
commit	a5e93fc7b4feac54578a8c48f8eb98244e56fad6 (patch)
tree	7a460e4bfe54e5106bfc673f7309653ac74fb3f9 /src/lib/libc
parent	c90f8c720a52664554ebc8ed8e69520cfb3cfe74 (diff)
download	openbsd-a5e93fc7b4feac54578a8c48f8eb98244e56fad6.tar.gz openbsd-a5e93fc7b4feac54578a8c48f8eb98244e56fad6.tar.bz2 openbsd-a5e93fc7b4feac54578a8c48f8eb98244e56fad6.zip

Fail early in legacy exporter if master secret is not available

The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) or that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing

Diffstat (limited to 'src/lib/libc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: