[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Sep 13 11:02:24 UTC 2016
The branch master has been updated
via 77a6be4dfc2ecf406c2559a99bea51317ce0f533 (commit)
from c0f9e23c6b8d1076796987d5a84557d410682d85 (commit)
- Log -----------------------------------------------------------------
commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533
Author: Matt Caswell <matt at openssl.org>
Date: Mon Sep 12 11:04:51 2016 +0100
    Abort on unrecognised warning alerts

    A peer continually sending unrecognised warning alerts could mean that we
    make no progress on a connection. We should abort rather than continuing if
    we receive an unrecognised warning alert.

    Thanks to Shi Lei for reporting this issue.

    Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 46870c0..aa148ba 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,9 +1351,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto f_err;
}
#ifdef SSL_AD_MISSING_SRP_USERNAME
- else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
- return (0);
+ else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
+ return 0;
+ }
#endif
+ else {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+ goto f_err;
+ }
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
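Review bot: the new trailing `else` in the warning-level branch aborts on the first warning alert that no earlier branch matches, whereas the commit message describes the problem as a peer sending such alerts continually, so the block should carry a comment saying the zero-tolerance behaviour is deliberate. It is also worth confirming that every warning alert the library intends to tolerate is matched by one of the earlier branches (only the SSL_AD_MISSING_SRP_USERNAME case is visible here), because anything that falls through now ends the connection with SSL_R_UNKNOWN_ALERT_TYPE. A second point on `al = SSL_AD_HANDSHAKE_FAILURE;`: ssl3_read_bytes() is the general record read path, so please state in the comment why handshake_failure is the right alert to send back when the unrecognised warning arrives outside a handshake. The `return (0);` to `return 0;` change with added braces is a style-only cleanup and reads fine.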