[openssl] OpenSSL_1_1_1-stable update
beldmit at gmail.com
beldmit at gmail.com
Tue May 4 08:20:13 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via 4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit)
from 6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit)
- Log -----------------------------------------------------------------
commit 4b1be3c8868cf0b26a031f68ffebc34248e1836c
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Sat May 1 13:29:05 2021 +0200
Use OCSP-specific error code for clarity
Fixes #12735 for 1.1.1
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15109)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
include/openssl/sslerr.h | 3 ++-
ssl/ssl_err.c | 4 +++-
ssl/statem/statem_clnt.c | 2 +-
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7e1776375d..e0e60ffa38 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2784,6 +2784,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
SSL_R_NULL_SSL_CTX:195:null ssl ctx
SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 82983d3c1e..9060fd1b75 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -633,6 +633,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OCSP_CALLBACK_FAILURE 294
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_OVERFLOW_ERROR 237
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 4b12ed1485..d0c69821b5 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1018,6 +1018,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
"null ssl method passed"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
+ "ocsp callback failure"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
"old session cipher not returned"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index de58f1a4b7..5543e08c59 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2833,7 +2833,7 @@ int tls_process_initial_server_flight(SSL *s)
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
- ERR_R_MALLOC_FAILURE);
+ SSL_R_OCSP_CALLBACK_FAILURE);
return 0;
}
}
More information about the openssl-commits
mailing list