tls-peer: Return INVALID_STATE after changing TLS 1.3 keys
author Tobias Brunner <tobias@strongswan.org>
Tue, 1 Sep 2020 16:59:17 +0000 (18:59 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
commit 00a6280aabc3dacd9737aa2c970f8c997bfd8aab
tree 5fbd7cca58ee089d41501dae1ddf504fb7c6bd59
parent 121ac4b9e37e9bc3721bb66a6e9e56a80235f988
tls-peer: Return INVALID_STATE after changing TLS 1.3 keys

Even though we return from build(), we are not actually sending a response,
so we can't return NEED_MORE (would send an invalid ClientHello message) and
if we return SUCCESS, the EAP layer treats this as failure (there is a comment
in eap_authenticator_t about client methods never returning SUCCESS from
process()).  Instead we return INVALID_STATE, which allows tls_t.build() to
exit from the build() loop immediately and send the already generated Finished
message.
src/libtls/tls_peer.c