eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

Possible bug in SSL_connect() #56

Closed ronaaron closed 3 years ago

ronaaron commented 3 years ago

Around line 10339 in tlse.c, the code

if (tls_established(context))
     return 1;
if (context->critical_error)
     return TLS_GENERIC_ERROR;

is wrong, I think. Because in bug #55 the tls_consume_stream() actually fails (returns -4) but the tls_established() returns true.

I think the critical_error check should happen first.

ronaaron commented 3 years ago

Well, reversing the order causes some other problem. So now I'm unsure.

eduardsui commented 3 years ago

I think this should be rewritten like this:

int err = tls_established(context);
if (err < 0)
    return err;
if (err)
    return 1;

ronaaron commented 3 years ago

Hmm. No, that still fails the connection with the URLs I gave.

"https://google.com/" is ok, but the "https://www.posti.fi/" and "https://www.calendardate.com/todays.htm" both fail.

Perhaps there is some other issue at play.

eduardsui commented 3 years ago

Hello Ron. Just tested it with www.calendardate.com, it works. Maybe there was some kind of unsupported certificate?