[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Sep 15 21:56:01 UTC 2016
The branch master has been updated
via 3c0c68ae460e947aaae5702bda6258fb812e1029 (commit)
from d602c2b680aefd3e0d00d090783ef5f912caf06a (commit)
- Log -----------------------------------------------------------------
commit 3c0c68ae460e947aaae5702bda6258fb812e1029
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 15 20:43:16 2016 +0100
Revert "Abort on unrecognised warning alerts"
This reverts commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533.
There were some unexpected side effects to this commit, e.g. in SSLv3 a
warning alert gets sent "no_certificate" if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_s3.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index aa148ba..46870c0 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,15 +1351,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto f_err;
}
#ifdef SSL_AD_MISSING_SRP_USERNAME
- else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
- return 0;
- }
+ else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+ return (0);
#endif
- else {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
More information about the openssl-commits
mailing list