Don't allow too many consecutive warning alerts

Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-09-21 14:07:31 +0100
committer: Matt Caswell <matt@openssl.org> 2016-09-21 20:17:04 +0100
commit: af58be768ebb690f78530f796e92b8ae5c9a4401 (patch)
tree: 087701bd731382d1933438bcd73cb7029264e16b /include
parent: 7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 183296c2cf..d127c76d6c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2485,6 +2485,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
author	Matt Caswell <matt@openssl.org>	2016-09-21 14:07:31 +0100
committer	Matt Caswell <matt@openssl.org>	2016-09-21 20:17:04 +0100
commit	af58be768ebb690f78530f796e92b8ae5c9a4401 (patch)
tree	087701bd731382d1933438bcd73cb7029264e16b /include
parent	7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646 (diff)