Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Go into the error state if a fatal alert is sent or received
If an application calls SSL_shutdown after a fatal alert has occured and then behaves different based on error codes from that function then the application may be vulnerable to a padding oracle. CVE-2019-1559 Reviewed-by: Richard Levitte <firstname.lastname@example.org>
- Loading branch information