How to handle TLS alerts

Matt Caswell matt at openssl.org
Thu Oct 27 07:45:44 UTC 2022
On 26/10/2022 18:33, pepone.onrez wrote:
> Hi,
> 
> I'm trying to understand how to handle TLS alerts. I have set up a 
> callback with
> 
> SSL_CTX_set_info_callback(_ctx, ssl_info_callback);
> 
> And I can see alerts sent by the peer. Does the application need to call 
> SSL_shutdown upon receiving
> a fatal alert, or is this done automatically by the OpenSSL library?
> 

A fatal alert indicates an immediate shutdown. You should not call 
SSL_shutdown() after this. This is only for "normal" shutdowns. On 
receipt of a fatal alert you can simply close the connection 
immediately. No alert needs to be sent back.

> With my testing, I see my client gets "read SSL3 alert fatal unknown CA"
> after the call to SSL_connect finishes without error

An endpoint finishes its handshake after it has both sent and received a 
"Finished" message. This does not happen simultaneously on both 
endpoints at the same time. In TLSv1.3 the server sends its Finished 
message first. The client responds with its 
Certificate/CertificateVerify/Finished messages. At this point the 
client has completed its handshake (it has both sent and received a 
Finished message) and so SSL_connect returns successfully. The server 
however has not yet completed the handshake (it hasn't yet processed the 
final flight of messages including the Finished message from the client).

If the certificate sent by the client is not acceptable then it will 
respond with a fatal alert. The client won't see this until it next 
calls SSL_read. At this point SSL_read() will return an error and 
SSL_get_error() will indicate SSL_ERROR_SSL. You should just close the 
connection at this point without calling SSL_shutdown().


Matt
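
As an added illustration (not part of Matt's reply or the original question), here is the same handling in Python's stdlib ssl module, which is a thin wrapper over OpenSSL: the first recv() after a TLS 1.3 handshake is where a server's fatal alert such as unknown_ca surfaces (SSL_read returning an error with SSL_ERROR_SSL in C), and only the orderly close_notify case gets an SSL_shutdown() equivalent (unwrap()) in reply. The host, certificate paths and the stand-in socket used to exercise the logic offline are assumptions, not from the thread.

```python
"""First read after a TLS 1.3 handshake with Python's stdlib ssl module (a
thin wrapper over OpenSSL). Added example; not code from the thread.

Mapping to the OpenSSL C API discussed above:
    SSL_connect()          -> SSLSocket.do_handshake() (done inside wrap_socket)
    SSL_read()             -> SSLSocket.recv()
    SSL_ERROR_ZERO_RETURN  -> recv() returns b"" (close_notify received)
    SSL_ERROR_SSL          -> ssl.SSLError, e.reason e.g. 'TLSV1_ALERT_UNKNOWN_CA'
    SSL_shutdown()         -> SSLSocket.unwrap()
"""
import socket
import ssl
from dataclasses import dataclass


@dataclass
class ReadOutcome:
    status: str          # data | peer_closed | fatal_alert | truncated | transport_error
    data: bytes = b""
    reason: str = ""
    sent_close_notify: bool = False


def read_after_handshake(tls_sock, bufsize: int = 16384) -> ReadOutcome:
    """In TLS 1.3 the client finishes its handshake as soon as it has sent its
    own Finished, before the server has checked the client certificate, so a
    fatal alert such as unknown_ca arrives here, not in do_handshake()."""
    try:
        data = tls_sock.recv(bufsize)
    except ssl.SSLZeroReturnError:
        data = b""                        # same meaning as recv() == b""
    except ssl.SSLEOFError as e:
        # TCP closed with no close_notify: possible truncation, treat as error.
        tls_sock.close()
        return ReadOutcome("truncated", reason=getattr(e, "reason", None) or str(e))
    except ssl.SSLError as e:
        # Fatal alert from the peer (SSL_ERROR_SSL in C). The session is already
        # dead; close the transport and do NOT call unwrap()/SSL_shutdown().
        tls_sock.close()
        return ReadOutcome("fatal_alert", reason=getattr(e, "reason", None) or str(e))
    except OSError as e:
        tls_sock.close()                  # plain socket failure, no TLS meaning
        return ReadOutcome("transport_error", reason=type(e).__name__)

    if data:
        return ReadOutcome("data", data=data)

    # b"" means the peer sent close_notify: the orderly shutdown. Replying with
    # our own close_notify (unwrap) is the only case where SSL_shutdown belongs.
    try:
        plain = tls_sock.unwrap()
        plain.close()
        return ReadOutcome("peer_closed", sent_close_notify=True)
    except OSError:
        tls_sock.close()                  # peer already gone; nothing to send
        return ReadOutcome("peer_closed", sent_close_notify=False)


def connect_with_client_cert(host: str, port: int, cafile: str,
                             certfile: str, keyfile: str) -> ReadOutcome:
    """Real wiring (not exercised offline; host and file paths are assumptions)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.load_cert_chain(certfile, keyfile)
    raw = socket.create_connection((host, port))
    # suppress_ragged_eofs=False makes a bare TCP FIN raise SSLEOFError instead
    # of being reported as a clean b"" like close_notify.
    tls = ctx.wrap_socket(raw, server_hostname=host, suppress_ragged_eofs=False)
    return read_after_handshake(tls)      # handshake already done by wrap_socket


class _StandInTLSSocket:
    """Constructed stand-in, not a real socket: scripts recv(), records calls."""
    def __init__(self, scripted):
        self._scripted, self.unwrapped, self.closed = scripted, False, False
    def recv(self, bufsize):
        if isinstance(self._scripted, BaseException):
            raise self._scripted
        return self._scripted
    def unwrap(self):
        self.unwrapped = True
        return self                        # acts as the returned plain socket
    def close(self):
        self.closed = True


def _unknown_ca_alert() -> ssl.SSLError:
    # Shape of the error the C layer raises for "tlsv1 alert unknown ca".
    e = ssl.SSLError(1, "[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca")
    e.reason = "TLSV1_ALERT_UNKNOWN_CA"
    return e


def demo() -> dict:
    """Cases from the thread against the stand-in: {name: (outcome, unwrapped, closed)}."""
    cases = {"data": b"220 ready\r\n", "close_notify": b"",
             "fatal_alert": _unknown_ca_alert(),
             "ragged_eof": ssl.SSLEOFError(8, "EOF occurred in violation of protocol")}
    results = {}
    for name, scripted in cases.items():
        s = _StandInTLSSocket(scripted)
        results[name] = (read_after_handshake(s), s.unwrapped, s.closed)
    return results
```

The point to check in your own code is the fatal_alert path: the socket is closed but unwrap() is never called, matching Matt's advice to skip SSL_shutdown() after a fatal alert, while the close_notify path does send our own close_notify back. Leaving suppress_ragged_eofs at its default would make a truncated connection look identical to a clean close_notify, which is why the real wiring turns it off.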
More information about the openssl-users mailing list