Ensure that a TLSv1.3 server has provided a certificate. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2020-05-16 14:44:55 +0000
committer	jsing <>	2020-05-16 14:44:55 +0000
commit	5c53acc6f2d8bb7bc7f1b005a980ccf36e27df34 (patch)
tree	deaa6e5465c23ac8df9e8a0e2afe3ddc37ec8360 /src/lib/libssl/tls13_record_layer.c
parent	cd9161dab16deafb0bbe1178eda3d8e5f8a513e4 (diff)
download	openbsd-5c53acc6f2d8bb7bc7f1b005a980ccf36e27df34.tar.gz openbsd-5c53acc6f2d8bb7bc7f1b005a980ccf36e27df34.tar.bz2 openbsd-5c53acc6f2d8bb7bc7f1b005a980ccf36e27df34.zip

Ensure that a TLSv1.3 server has provided a certificate.

The RFC requires that a server always provide a certificate for authentication. Ensure that this is the case, rather than proceeding and attempting validation. In the case where validation was disabled and the server returned an empty certificate list, this would have previously resulted in a NULL pointer deference. Issue reported by otto@ ok inoguchi@ tb@

Diffstat (limited to 'src/lib/libssl/tls13_record_layer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: