Hi Andrew,
On 05/09/2018 06:13 AM, Andrew Zaborowski wrote:
> When we send an Alert message to the peer (and our alerts are always
> fatal) ignore any buffered messages we've received. When the
> certificate chain verification fails on a client we are usually
> processing the third message in a sequence of five received from the
> server. We would then send an Alert and forget the negotiated state,
> then process the two remaining messages which would result in two more
> Alerts being sent, with the default TLS 1.0 version header. There is
> no need to process those remaining messages.
> ---
> ell/tls-private.h | 1 +
> ell/tls-record.c | 10 ++++++++++
> 2 files changed, 11 insertions(+)
Applied, thanks.
Regards,
-Denis
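
The behaviour described in the commit message above, as an added example that is not part of the original e-mail and is not ell's code: a toy client processes five buffered messages where the third fails verification, once without and once with discarding the rest after the fatal alert. All names here (`toy_tls`, `discard_rest`, `run_flight`) are hypothetical, and the message sequence is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical toy model of a TLS client; not ell's structures or API. */
enum msg { OK, BAD_CERT };

struct toy_tls {
    bool negotiated;    /* cleared when the negotiated state is forgotten */
    bool discard_rest;  /* hypothetical flag, set once a fatal alert is sent */
    int alerts_sent;
    int stale_alerts;   /* alerts sent after the state was forgotten */
};

static void send_fatal_alert(struct toy_tls *t)
{
    t->alerts_sent++;
    if (!t->negotiated)
        t->stale_alerts++;  /* would carry the default version header */
    t->negotiated = false;
    t->discard_rest = true;
}

/* With no negotiated state left, any further message is unexpected. */
static void handle_message(struct toy_tls *t, enum msg m)
{
    if (!t->negotiated || m == BAD_CERT)
        send_fatal_alert(t);
}

/* Constructed input: five buffered messages, the third fails verification. */
struct toy_tls run_flight(bool honor_discard)
{
    static const enum msg flight[] = { OK, OK, BAD_CERT, OK, OK };
    struct toy_tls t = { .negotiated = true };
    for (size_t i = 0; i < sizeof(flight) / sizeof(flight[0]); i++) {
        handle_message(&t, flight[i]);
        if (honor_discard && t.discard_rest)
            break;  /* ignore whatever else was buffered */
    }
    return t;
}

int main(void)
{
    printf("without discard: %d alerts\n", run_flight(false).alerts_sent);
    printf("with discard:    %d alerts\n", run_flight(true).alerts_sent);
    return 0;
}
```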