openssl/ssl
Matt Caswell c1c1bb7c5e Fix invalid handling of verify errors in libssl
In the event that X509_verify() returned an internal error result then
libssl would mishandle this and set rwstate to SSL_RETRY_VERIFY. This
subsequently causes SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY.
That return code is supposed to only ever be returned if an application
is using an app verify callback to completely replace the use of
X509_verify(). Applications may not be written to expect that return code
and could therefore crash (or misbehave in some other way) as a result.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-12-14 13:48:34 +00:00
..
record Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
statem Fix invalid handling of verify errors in libssl 2021-12-14 13:48:34 +00:00
bio_ssl.c
build.info
d1_lib.c
d1_msg.c
d1_srtp.c
ktls.c
methods.c
pqueue.c
s3_cbc.c
s3_enc.c
s3_lib.c Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions 2021-12-07 12:16:50 +00:00
s3_msg.c
ssl_asn1.c
ssl_cert_table.h
ssl_cert.c Fix invalid handling of verify errors in libssl 2021-12-14 13:48:34 +00:00
ssl_ciph.c Don't include any TLSv1.3 ciphersuites that are disabled 2021-11-29 12:17:30 +10:00
ssl_conf.c
ssl_err_legacy.c
ssl_err.c
ssl_init.c
ssl_lib.c Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions 2021-12-07 12:16:50 +00:00
ssl_local.h Enable brainpool curves for TLS1.3 2021-11-26 06:45:19 +01:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
ssl_sess.c
ssl_stat.c
ssl_txt.c
ssl_utst.c
sslerr.h
t1_enc.c
t1_lib.c Enable brainpool curves for TLS1.3 2021-11-26 06:45:19 +01:00
t1_trce.c Enable brainpool curves for TLS1.3 2021-11-26 06:45:19 +01:00
tls13_enc.c
tls_depr.c
tls_srp.c