Commit 515a0105 authored by David Woodhouse's avatar David Woodhouse Committed by Matt Caswell
Browse files

Fix SSL_export_keying_material() for DTLS1_BAD_VER 



Commit d8e8590e ("Fix missing return value checks in SCTP") made the
DTLS handshake fail, even for non-SCTP connections, if
SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER.

Apply the trivial fix to make it succeed, since there's no real reason
why it shouldn't even though we never need it.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit c8a18468)
parent 2b4029e6

ssl/ssl_lib.c

+1 −1
Original line number Diff line number Diff line
@@ -1662,7 +1662,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 
                               const unsigned char *p, size_t plen,

                               int use_context)

{

    if (s->version < TLS1_VERSION)

    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)

        return -1;



    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,