diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-02-23 17:51:37 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-02-23 17:51:37 +0000 |
| commit | 8495b92047543113282c7304c2fcfb649c5f19d1 (patch) | |
| tree | 2a4d6b17dc5e4cd4502029f9a64d52739624cf23 /lib/libssl/tls13_client.c | |
| parent | 467b4c69a44d14e956bc4738197b4678dbbd12b2 (diff) | |
According to RFC 8446, Section 4.4.4, recipients of incorrect Finished
messages must terminate the connection with a decrypt_error alert, so
replace the use of the deprecated decryption_failed alert accordingly.
ok beck inoguchi jsing
Diffstat (limited to 'lib/libssl/tls13_client.c')
| -rw-r--r-- | lib/libssl/tls13_client.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index e9eee19bff9..1c9debc4e5f 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.44 2020/02/18 16:12:14 tb Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.45 2020/02/23 17:51:36 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -868,7 +868,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) { - ctx->alert = TLS1_AD_DECRYPTION_FAILED; + ctx->alert = TLS1_AD_DECRYPT_ERROR; goto err; } |