]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec... 24998/head
authorcx <1249843194@qq.com>
Wed, 21 Aug 2024 18:13:01 +0000 (02:13 +0800)
committerMatt Caswell <matt@openssl.org>
Mon, 26 Aug 2024 09:58:10 +0000 (10:58 +0100)
Fixes: #25086
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25257)

ssl/record/methods/tls_common.c

index 0c2414f76e1ff6d89075153b372206e38cf926bf..6f985180482edd9ec79eafedec9cb7413d60312a 100644 (file)
@@ -744,7 +744,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
          * CCS messages must be exactly 1 byte long, containing the value 0x01
          */
         if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
-            RLAYERfatal(rl, SSL_AD_ILLEGAL_PARAMETER,
+            RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
                         SSL_R_INVALID_CCS_MESSAGE);
             return OSSL_RECORD_RETURN_FATAL;
         }