Failure to notice incorrect handshake on SSL_connect

Open ronaaron opened this issue 3 years ago • 0 comments

Currently SSL_connect() will return success even if there was a critical error. The correction is:

@@ -10372,14 +10372,14 @@
         if (tls_consume_stream(context, client_message, read_size, ssl_data->certificate_verify) >= 0) {
             res = _tls_ssl_private_send_pending(ssl_data->fd, context);
             if (res < 0)
                 return res;
         }
+        if (context->critical_error)
+            return TLS_GENERIC_ERROR;
         if (tls_established(context))
             return 1;
-        if (context->critical_error)
-            return TLS_GENERIC_ERROR;
     }
     return read_size;
 }
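
Review bot: The `tls_consume_stream(...) >= 0` test on the first line of the hunk still has no failure branch, so a negative return from it is discarded and the caller only sees an error if `context->critical_error` also happens to be set. Consider storing the result and returning it when it is negative, so that both failure paths are reported before the `tls_established(context)` check. A short comment above the moved `if (context->critical_error)` explaining why it must precede the `tls_established` test would help keep the order from being swapped back later.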

ronaaron, Jul 07 '21 06:07