Fix alert callback in the QUIC layer - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-09-09 03:55:55 +0000
committer	tb <>	2024-09-09 03:55:55 +0000
commit	ed93e0377bf9cc0a5c4280d9bb7a044146a05a98 (patch)
tree	e06cd6ad803d2054a9ad7291a58c613f30038750 /src/lib/libcrypto/err/err.c
parent	6a0a2885d3954aea22b4da65c4715f7b744dac46 (diff)
download	openbsd-ed93e0377bf9cc0a5c4280d9bb7a044146a05a98.tar.gz openbsd-ed93e0377bf9cc0a5c4280d9bb7a044146a05a98.tar.bz2 openbsd-ed93e0377bf9cc0a5c4280d9bb7a044146a05a98.zip

Fix alert callback in the QUIC layer

Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing

Diffstat (limited to 'src/lib/libcrypto/err/err.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: