The branch OpenSSL_1_0_1-stable has been updated via 515a0105652a1b84d712b4d162cf859c02bf5450 (commit) from 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 (commit)
- Log ----------------------------------------------------------------- commit 515a0105652a1b84d712b4d162cf859c02bf5450 Author: David Woodhouse <david.woodho...@intel.com> Date: Fri Jul 8 20:46:07 2016 +0100 Fix SSL_export_keying_material() for DTLS1_BAD_VER Commit d8e8590e ("Fix missing return value checks in SCTP") made the DTLS handshake fail, even for non-SCTP connections, if SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER. Apply the trivial fix to make it succeed, since there's no real reason why it shouldn't even though we never need it. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit c8a18468caef4d62778381be0acdadc8a88d6e51) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 896b5a3..83ef233 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1662,7 +1662,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *p, size_t plen, int use_context) { - if (s->version < TLS1_VERSION) + if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits