CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2021/02/03 08:14:44
Modified files: lib/libssl : t1_enc.c Log message: Fail early in legacy exporter if master secret is not available The exporter depends on having a master secret. If the handshake is not completed, it is neither guaranteed that a shared ciphersuite was selected (in which case tls1_PRF() will currently NULL deref) or that a master secret was set up (in which case the exporter will succeed with a predictable value). Neither outcome is desirable, so error out early instead of entering the sausage factory unprepared. This aligns the legacy exporter with the TLSv1.3 exporter in that regard. with/ok jsing