[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Thu Sep 15 21:56:24 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  502fcc67cccda4d997fc121eae4f2789f50adae6 (commit)
      from  15c088e4cf8411ffcb2f3187942aea178cc0919c (commit)


- Log -----------------------------------------------------------------
commit 502fcc67cccda4d997fc121eae4f2789f50adae6
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 15 20:53:09 2016 +0100

    Revert "Abort on unrecognised warning alerts"
    
    This reverts commit 15d81749322c3498027105f8ee44e8c25479d475.
    
    There were some unexpected side effects to this commit, e.g. in SSLv3 a
    warning alert gets sent "no_certificate" if a client does not send a
    Certificate during Client Auth. With the above commit this causes the
    connection to abort, which is incorrect. There may be some other edge cases
    like this so we need to have a rethink on this.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_pkt.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 91f0c58..df124cf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1462,13 +1462,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
             else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-                return 0;
+                return (0);
 #endif
-            else {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-                goto f_err;
-            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];
 
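Review bot: With the final `else` removed from the warning-level chain, a warning alert whose description matches none of the preceding branches is accepted with no error raised at this point. The commit message identifies one legitimate case (the SSLv3 "no_certificate" warning during client auth), so a narrower fix would handle that description explicitly and still bound the rest, for example by counting consecutive unrecognised warning alerts and failing once a limit is exceeded, instead of tolerating any number of them. A short comment here explaining why unknown warnings are ignored would also help whoever does the rethink mentioned in the message. The `return 0;` to `return (0);` change is only the revert restoring the earlier style and needs no action.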

