search

eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library
Other
545 stars 90 forks source link

Failure to notice incorrect handshake on SSL_connect #64

Closed ronaaron closed 1 year ago

ronaaron commented 3 years ago

Currently SSL_connect() will return success even if there was a critical error. The correction is:

@@ -10372,14 +10372,14 @@
         if (tls_consume_stream(context, client_message, read_size, ssl_data->certificate_verify) >= 0) {
             res = _tls_ssl_private_send_pending(ssl_data->fd, context);
             if (res < 0)
                 return res;
         }
+        if (context->critical_error)
+            return TLS_GENERIC_ERROR;
         if (tls_established(context))
             return 1;
-        if (context->critical_error)
-            return TLS_GENERIC_ERROR;
     }
     return read_size;
 }