diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-30 09:13:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-31 09:31:50 +0100 |
commit | 43a0f2733a943799060ea275516fcce00d89eb38 (patch) | |
tree | f306c49491086a35ac38767945b1a026006191ce /include | |
parent | 50db81633ece00593b245afed0ed9480d7ffb334 (diff) |
Fix some TLSv1.3 alert issues
Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).
Ensure that proper reason codes are given for the new TLSv1.3 alerts.
Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left
over from an earlier TLSv1.3 draft that is no longer used.
Fixes #6804
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6809)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/sslerr.h | 2 | ||||
-rw-r--r-- | include/openssl/tls1.h | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index a5b2c55942..87b295c9f9 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -695,6 +695,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_SSL_SESSION_ID_TOO_LONG 408 # define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 # define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 37bdc7da43..761a86a752 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -70,7 +70,6 @@ extern "C" { # define TLS1_AD_USER_CANCELLED 90 # define TLS1_AD_NO_RENEGOTIATION 100 /* TLSv1.3 alerts */ -# define TLS13_AD_END_OF_EARLY_DATA 1 # define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ # define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ /* codes 110-114 are from RFC3546 */ |