TLS server: Local failure information on verify_data mismatch

Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index 5ff9f89f386dda8f0128b29448791ca02742d51f..e957678fc0d999b40306b1dca28181a7a59f1490 100644 (file)
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1245,6 +1245,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
 
        if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
                tlsv1_server_log(conn, "Mismatch in verify_data");
+               conn->state = FAILED;
                return -1;
        }