From c2f52b4b7b886093d823227fa35bce2b95be7d98 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 23 Oct 2017 10:28:28 +0100 Subject: [PATCH] Wrong identifier used to check Encrypt-then-MAC flag This commit fixes a comparison of ssl_session->encrypt_then_mac against the ETM-unrelated constant SSL_EXTENDED_MS_DISABLED. Instead, SSL_ETM_DISABLED should be used. The typo is has no functional effect since both constants have the same value 0. --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0f0369aa4..d141b0592 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1963,7 +1963,7 @@ static void ssl_write_encrypt_then_mac_ext( ssl_context *ssl, const ssl_ciphersuite_t *suite = NULL; const cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == SSL_EXTENDED_MS_DISABLED || + if( ssl->session_negotiate->encrypt_then_mac == SSL_ETM_DISABLED || ssl->minor_ver == SSL_MINOR_VERSION_0 ) { *olen = 0;