From: Jouni Malinen <j@w1.fi>
Date: Sat, 9 Feb 2019 16:05:45 +0000 (+0200)
Subject: TLS server: Local failure information on verify_data mismatch
X-Git-Tag: hostap_2_8~396
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19dd7a736ed9928505f1b9886e002210d0adf44b;p=thirdparty%2Fhostap.git

TLS server: Local failure information on verify_data mismatch

Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index 5ff9f89f3..e957678fc 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1245,6 +1245,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
 
 	if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
 		tlsv1_server_log(conn, "Mismatch in verify_data");
+		conn->state = FAILED;
 		return -1;
 	}