[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Sep 13 11:02:52 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  15d81749322c3498027105f8ee44e8c25479d475 (commit)
      from  204fb53895618672120474bac194269c0f837632 (commit)


- Log -----------------------------------------------------------------
commit 15d81749322c3498027105f8ee44e8c25479d475
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 12 11:04:51 2016 +0100

    Abort on unrecognised warning alerts
    
    A peer continually sending unrecognised warning alerts could mean that we
    make no progress on a connection. We should abort rather than continuing if
    we receive an unrecognised warning alert.
    
    Thanks to Shi Lei for reporting this issue.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_pkt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index df124cf..91f0c58 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1462,8 +1462,13 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
             else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-                return (0);
+                return 0;
 #endif
+            else {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+                goto f_err;
+            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];
 
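Review bot: The new `else` arm after `#endif` makes every warning alert that the preceding arms do not match fatal, and nothing in the code says so. A short comment there stating that unrecognised warning alerts abort the connection so a peer cannot stall it (the reason given in the commit message) would help the next reader. It is also worth confirming that the arms above this hunk cover every warning description a well-behaved peer can send, since anything they miss now ends in `goto f_err`. The alert sent back is `SSL_AD_HANDSHAKE_FAILURE` while the recorded reason is `SSL_R_UNKNOWN_ALERT_TYPE`; if that description is deliberate, a note on why it was chosen would avoid confusion when this path is hit outside a handshake. The `return (0);` to `return 0;` change is unrelated style cleanup and would be easier to backport or revert as a separate commit.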

