From 19dd7a736ed9928505f1b9886e002210d0adf44b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 9 Feb 2019 18:05:45 +0200
Subject: [PATCH] TLS server: Local failure information on verify_data mismatch

Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/tls/tlsv1_server_read.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index 5ff9f89f3..e957678fc 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1245,6 +1245,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
 
 	if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
 		tlsv1_server_log(conn, "Mismatch in verify_data");
+		conn->state = FAILED;
 		return -1;
 	}