]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad01b01) | patch
Go into the error state if a fatal alert is sent or received
authorMatt Caswell <matt@openssl.org>
Thu, 13 Dec 2018 17:16:55 +0000 (17:16 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 26 Feb 2019 10:51:56 +0000 (10:51 +0000)
commit5741d5bb74797e4532acc9f42e54c44a2726c179
tree910aedb1d1689387f62a3d0db9b3048e1c2fd403tree | snapshot
parentad01b01c16b0b9d95de79c3b01398e3582a5105bcommit | diff
Go into the error state if a fatal alert is sent or received

1.1.0 is not impacted by CVE-2019-1559, but this commit is a follow on
from that. That CVE was a result of applications calling SSL_shutdown
after a fatal alert has occurred. By chance 1.1.0 is not vulnerable to
that issue, but this change is additional hardening to prevent other
similar issues.

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/record/rec_layer_d1.c diff | blob | blame | history
ssl/record/rec_layer_s3.c diff | blob | blame | history
ssl/s3_msg.c diff | blob | blame | history
ssl/statem/statem.c diff | blob | blame | history
A mirror of the official openssl repository