author | Matt Caswell <matt@openssl.org> | 2016-09-12 11:04:51 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-13 11:51:00 +0100 |
commit | 77a6be4dfc2ecf406c2559a99bea51317ce0f533 (patch) | |
tree | ad14d5714a07eecf2d14489758abe6f9b332705e | |
parent | c0f9e23c6b8d1076796987d5a84557d410682d85 (diff) |
Abort on unrecognised warning alerts
A peer continually sending unrecognised warning alerts could mean that we
make no progress on a connection. We should abort rather than continuing if
we receive an unrecognised warning alert.
Thanks to Shi Lei for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | ssl/record/rec_layer_s3.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 46870c054b..aa148ba490 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,9 +1351,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 goto f_err;
 }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
- else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
- return (0);
+ else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
+ return 0;
+ }
 #endif
+ else {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+ goto f_err;
+ }
 } else if (alert_level == SSL3_AL_FATAL) {
 char tmp[16]; |
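Review bot: The new final `else` in the warning-alert chain aborts on the first warning alert that the earlier branches do not handle, but nothing in the code says this is deliberate, and the queued error does not record which alert description triggered it. A short comment on the branch would keep the rationale from the commit message next to the code, e.g. `/* Unrecognised warning alert: abort, otherwise a peer can stall the connection by sending these indefinitely */`. For triage it would also help to attach `alert_descr` to the error data; the fatal branch just below declares `char tmp[16]`, presumably for that purpose. `SSL_AD_HANDSHAKE_FAILURE` is sent even if this path is reached after the handshake has completed, so confirm that is the intended alert. The alert-handling chain starts above the hunk, so which warning descriptions are already handled is not visible here.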