CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/09/07 02:04:30
Modified files: lib/libssl : t1_lib.c Log message: Garbage collect renew_ticket in tls_decrypt_ticket This is only set in one place and read in one place to set the badly named tlsext_ticket_expected flag. It seems preferable to set this flag directly, thus simplifying the logic. This slightly changes the behavior in that this flag is now set earlier, but this seems preferable anyway. Any error between the old and the new position where the flag is set is either fatal (so the connection will be closed) or a decrypt error (so the flag will be set). discussed with jsing