[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Sep 13 11:02:42 UTC 2016 

The branch OpenSSL_1_1_0-stable has been updated
       via  44c9339ca802746ac01c8144fb963beb1ed8c837 (commit)
       via  4bc54bf8b45ca0997ab6ffb13cc32b3ae1979ccc (commit)
      from  469f593170d9170da632bb0afd634e971c3234e7 (commit)


- Log -----------------------------------------------------------------
commit 44c9339ca802746ac01c8144fb963beb1ed8c837
Author: Matt Caswell <matt at openssl.org>
Date:   Sun Sep 11 12:47:39 2016 -0400

    util/shlib_wrap.sh is now auto-generated so tell git to ignore it
    
    Signed-off-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 6462876f8d9f6538ad0fcd70717077d9ae174e56)

commit 4bc54bf8b45ca0997ab6ffb13cc32b3ae1979ccc
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 12 11:04:51 2016 +0100

    Abort on unrecognised warning alerts
    
    A peer continually sending unrecognised warning alerts could mean that we
    make no progress on a connection. We should abort rather than continuing if
    we receive an unrecognised warning alert.
    
    Thanks to Shi Lei for reporting this issue.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                |  1 +
 ssl/record/rec_layer_s3.c | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index e55ab65..730731f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,6 +72,7 @@ Makefile
 /include/openssl/opensslconf.h
 /tools/c_rehash
 /tools/c_rehash.pl
+/util/shlib_wrap.sh
 /tags
 /TAGS
 /crypto.map
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 46870c0..aa148ba 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,9 +1351,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                 goto f_err;
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
-            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-                return (0);
+            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
+                return 0;
+            }
 #endif
+            else {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+                goto f_err;
+            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];

More information about the openssl-commits mailing list