Commit 8ed92460 authored by Matt Caswell

Fix BAD CCS alert in DTLS



Set the correct variable, and then actually send the alert!

Found by, and fix suggested by, Raja Ashok.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3009)
parent ffcdb0e6
+2 −2
@@ -1323,9 +1323,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        /* XDTLS: check that epoch is consistent */
        if ((rr->length != ccs_hdr_len) ||
            (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
            i = SSL_AD_ILLEGAL_PARAMETER;
            al = SSL_AD_ILLEGAL_PARAMETER;
            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
            goto err;
            goto f_err;
        }

        rr->length = 0;
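
Review bot: In the bad-CCS branch (the `rr->length != ccs_hdr_len` / `rr->data[0] != SSL3_MT_CCS` check), nothing in this +2 −2 change exercises the path that sets `al` and jumps to `f_err`, so the same mistake could come back unnoticed. The commit message says the earlier code set the wrong variable and never sent the alert; a DTLS test that delivers a ChangeCipherSpec record with a wrong length or type byte and asserts that the peer receives an illegal_parameter alert would pin the behaviour down. It is also worth scanning the other `goto err` exits in `dtls1_read_bytes` for alert codes assigned to a variable other than `al`. The `/* XDTLS: check that epoch is consistent */` comment could be reworded as well, since the condition tests record length, offset and message type rather than epoch.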