Diffstat (limited to 'lib/tls13/key_update.c')
-rw-r--r--lib/tls13/key_update.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
index acfda41290..e366093887 100644
--- a/lib/tls13/key_update.c
+++ b/lib/tls13/key_update.c
@@ -38,13 +38,15 @@
* because KTLS most likely doesn't support key update.
*/
#define SET_KTLS_KEYS(session, interface)\
-{\
- if(_gnutls_ktls_set_keys(session, interface) < 0) {\
+if(_gnutls_ktls_set_keys(session, interface) < 0) {\
session->internals.ktls_enabled = 0;\
- _gnutls_audit_log(session, \
- "disabling KTLS: couldn't update keys\n");\
- }\
-}
+ session->internals.invalid_connection = true;\
+ _gnutls_audit_log(session,\
+ "disabling KTLS: couldn't update keys\n");\
+ _gnutls_audit_log(session,\
+ "invalidating session: No ktls fallback mechanism\n");\
+ ret = GNUTLS_E_INTERNAL_ERROR;\
+}\
static int update_keys(gnutls_session_t session, hs_stage_t stage)
{
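Review bot: SET_KTLS_KEYS now expands to a bare `if (...) { ... }` with no enclosing block, so a call site that is followed by `else` will have that `else` bind to the macro's inner `if` rather than to the caller's condition. The call in the second hunk is safe only because the branch closes with `}` before its `else`; any other call sites lie outside the visible hunks and should be checked. Wrapping the body as `do { if (_gnutls_ktls_set_keys(session, interface) < 0) { ... } } while (0)` and ending each call with `;` removes the hazard, and it lets the last line drop its trailing `\`, which currently extends the definition onto the following line. The macro also assigns to a caller-local `ret` that is not one of its parameters, so the comment above it should say so, e.g. `/* Sets ret in the calling function to GNUTLS_E_INTERNAL_ERROR on failure. */`. update_keys begins at the end of this hunk and its body continues outside it.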
@@ -64,6 +66,9 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
* write keys */
if (session->internals.recv_state == RECV_STATE_EARLY_START) {
ret = _tls13_write_connection_state_init(session, stage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
SET_KTLS_KEYS(session, GNUTLS_KTLS_SEND)
} else {
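Review bot: The error that SET_KTLS_KEYS stores in `ret` at the call closing this branch is not acted on within the hunk, so whether a failed KTLS key update actually makes update_keys fail depends on a `ret` check after the if/else, which is outside the visible lines. If no such check exists, or a later assignment overwrites `ret`, the function could report success on a session already marked `invalid_connection`. Checking at the call site keeps this local: brace the `if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))` body and follow the macro with `if (ret < 0) return gnutls_assert_val(ret);`, matching the check added after `_tls13_write_connection_state_init`. The function body starts before and continues past this hunk.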