CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2021/03/29 10:56:20
Modified files:
lib/libssl : ssl_srvr.c
Log message:
Avoid transcript initialisation when sending a TLS HelloRequest.
When server side renegotiation is triggered, the TLSv1.2 state machine
sends a HelloRequest before going to ST_SW_FLUSH and ST_OK. In this case
we do not need the transcript and currently hit the sanity check in ST_OK
that ensures the transcript has been freed, breaking server initiated
renegotiation. We do however need the transcript in the DTLS case.
ok tb@
