From f3ef7a264043562a0023e00fad77869008429591 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 9 Mar 2014 18:19:32 +0200
Subject: [PATCH] TLS client: Send decrypt_error on verify_data validation error

Previously, this was silently dropped which left the connection waiting for timeout. decrypt_error alert can be used here to avoid that.

Signed-off-by: Jouni Malinen
---
 src/tls/tlsv1_client_read.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index 475a6e903..8367e3615 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -931,6 +931,8 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
 if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
 wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_DECRYPT_ERROR);
 return -1;
 }
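Review bot: The Finished check on the context line `if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {` is an ordinary early-exit compare, and with the fatal alert added below it a mismatch now gives the peer an immediate failure signal instead of a timeout, which makes the compare's timing easier to observe. verify_data changes with every handshake, so the practical exposure is probably small, but a constant-time comparison is the usual hardening for MAC-like values. If this branch has a helper for that (later hostap trees provide `os_memcmp_const`; confirm it exists here), the condition would become `if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {`. A one-line comment above the `tls_alert()` call, such as `/* decrypt_error: Finished message failed to validate */`, would also record why this alert code was chosen. tls_process_server_finished() starts and ends outside the hunk, so its other `return -1` paths could not be checked for a matching alert.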