After the ClientHello has been sent or received and before the peer's

Finished message has been received, a change cipher spec may be received and must be ignored. Add a flag to the record layer struct and set it at the appropriate moments during the handshake so that we will ignore it. ok jsing
author: tb <> 2020-01-22 05:06:23 +0000
committer: tb <> 2020-01-22 05:06:23 +0000
commit: 4b92405e2113c3e8102d9a350ef1fd286f9c5007 (patch)
tree: f5dc757ef7c1ccce03be8af3c9c22f746cace496 /src/lib/libssl/tls13_server.c
parent: bf9da0a40766c4c53baae742d06d3fd51706e563 (diff)
download: openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.tar.gz
openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.tar.bz2
openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 10d85a62b3..fc3e80ad58 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.4 2020/01/22 02:21:05 beck Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.5 2020/01/22 05:06:23 tb Exp $ */
 /*
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -81,6 +81,8 @@ tls13_legacy_accept(SSL *ssl)
 int
 tls13_client_hello_recv(struct tls13_ctx *ctx)
 {
+        tls13_record_layer_allow_ccs(ctx->rl, 1);
        return 0;
 }
@@ -135,6 +137,8 @@ tls13_client_certificate_verify_recv(struct tls13_ctx *ctx)
 int
 tls13_client_finished_recv(struct tls13_ctx *ctx)
 {
+        tls13_record_layer_allow_ccs(ctx->rl, 0);
        return 0;
 }
author	tb <>	2020-01-22 05:06:23 +0000
committer	tb <>	2020-01-22 05:06:23 +0000
commit	4b92405e2113c3e8102d9a350ef1fd286f9c5007 (patch)
tree	f5dc757ef7c1ccce03be8af3c9c22f746cace496 /src/lib/libssl/tls13_server.c
parent	bf9da0a40766c4c53baae742d06d3fd51706e563 (diff)
download	openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.tar.gz openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.tar.bz2 openbsd-4b92405e2113c3e8102d9a350ef1fd286f9c5007.zip