diff options
| author | Jacob Champion <jacob.champion@enterprisedb.com> | 2024-05-06 09:50:11 -0700 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-05-14 15:27:42 +0200 |
| commit | 3ea11a8c3fc22fb3cd608a64d80bfa17fdbf5a3d (patch) | |
| tree | 1457d00c55ec8c281962202d92fff623c4461354 | |
| parent | 5bc941f5cf754c402a266c77c1133c0b2d6f640b (diff) | |
Add reason codes with the correct offset for two alerts
Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and
SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the
corresponding reason strings.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24351)
(cherry picked from commit a401aaf9ed6eb34842cdedfcc35448bdc4174df3)
| -rw-r--r-- | crypto/err/openssl.ec | 2 | ||||
| -rw-r--r-- | crypto/err/openssl.txt | 3 | ||||
| -rw-r--r-- | include/openssl/sslerr.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 4 |
4 files changed, 11 insertions, 0 deletions
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index f1917136d8..f3802a05b5 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -76,4 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1607ad835f..6882eebcd1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1596,10 +1596,13 @@ SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:1060:tlsv1 alert export restriction SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:1086:tlsv1 alert inappropriate fallback SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:1071:tlsv1 alert insufficient security SSL_R_TLSV1_ALERT_INTERNAL_ERROR:1080:tlsv1 alert internal error +SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL:1120:\ + tlsv1 alert no application protocol SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:1100:tlsv1 alert no renegotiation SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:1070:tlsv1 alert protocol version SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:1022:tlsv1 alert record overflow SSL_R_TLSV1_ALERT_UNKNOWN_CA:1048:tlsv1 alert unknown ca +SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY:1115:tlsv1 alert unknown psk identity SSL_R_TLSV1_ALERT_USER_CANCELLED:1090:tlsv1 alert user cancelled SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE:1114:tlsv1 bad certificate hash value SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE:1113:\ diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 980a6c7b2f..ec35df64e5 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -308,10 +308,12 @@ # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index a1da9fde39..f5fb4107f6 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -498,6 +498,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert insufficient security"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), + "tlsv1 alert no application protocol"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), @@ -506,6 +508,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert record overflow"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), + "tlsv1 alert unknown psk identity"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), |