[openssl] master update
kaduk at mit.edu
kaduk at mit.edu
Tue May 25 21:26:13 UTC 2021
The branch master has been updated
via 1376708c1cfee91a891057db132aa45aa2a81a98 (commit)
from e6e618bf22ead6af2d7e5a5a540a39e5073296bb (commit)
- Log -----------------------------------------------------------------
commit 1376708c1cfee91a891057db132aa45aa2a81a98
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri May 21 10:25:00 2021 -0700
Allow TLS13_AD_MISSING_EXTENSION for older versions
Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in
ssl3_alert_code() and tls1_alert_code(), so that the call to
SSLfatal() in final_psk() will always actually generate an alert,
even for non-TLS1.3 protocol versions.
Fixes #15375
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15412)
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_enc.c | 2 ++
ssl/t1_enc.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index cf4d5fe4e7..88ac6e4205 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
+ case TLS13_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return -1;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5e9c3a0ee5..886709bf4a 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -848,6 +848,8 @@ int tls1_alert_code(int code)
return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
+ case TLS13_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return -1;
}
More information about the openssl-commits
mailing list