Fail early in legacy exporter if master secret is not available - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-02-03 15:14:44 +0000
committer	tb <>	2021-02-03 15:14:44 +0000
commit	d6d50e500ca9581b9fa9970114855f753fe024b0 (patch)
tree	7a460e4bfe54e5106bfc673f7309653ac74fb3f9 /src/lib/libssl/s3_lib.c
parent	281cf5fb54729c195620c8405d0e7e34055ddc35 (diff)
download	openbsd-d6d50e500ca9581b9fa9970114855f753fe024b0.tar.gz openbsd-d6d50e500ca9581b9fa9970114855f753fe024b0.tar.bz2 openbsd-d6d50e500ca9581b9fa9970114855f753fe024b0.zip

Fail early in legacy exporter if master secret is not available

The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) or that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: