summaryrefslogtreecommitdiff
path: root/src/lib/libssl/man/SSL_get_current_cipher.3
diff options
context:
space:
mode:
authortb <>2024-09-09 03:55:55 +0000
committertb <>2024-09-09 03:55:55 +0000
commit47902b1741d383c06ea246859858115749b1c9b6 (patch)
treee06cd6ad803d2054a9ad7291a58c613f30038750 /src/lib/libssl/man/SSL_get_current_cipher.3
parent461979ad807ebd887bb629ba3072f150b5390cd2 (diff)
downloadopenbsd-47902b1741d383c06ea246859858115749b1c9b6.tar.gz
openbsd-47902b1741d383c06ea246859858115749b1c9b6.tar.bz2
openbsd-47902b1741d383c06ea246859858115749b1c9b6.zip
Fix alert callback in the QUIC layer
Only close_notify and user_cancelled are warning alerts. All others should be fatal. In order for the lower layers to behave correctly, the return code for fatal alerts needs to be TLS13_IO_ALERT instead of TLS13_IO_SUCCESS. Failure to signal handshake failure in the public API led to a crash in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as found by haproxyfred while investigating https://github.com/haproxy/haproxy/issues/2569 Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a similar patch and tested this version. Fixes https://github.com/libressl/portable/issues/1093 ok jsing
Diffstat (limited to 'src/lib/libssl/man/SSL_get_current_cipher.3')
0 files changed, 0 insertions, 0 deletions