diff options
author | Matt Caswell <matt@openssl.org> | 2017-05-16 17:28:23 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-05-19 08:47:08 +0100 |
commit | fb34a0f4e033246ef5f957bc57d2ebc904a519fc (patch) | |
tree | 1db7d3e04ad02459db6fb04dd264cf7936dc34e4 /ssl/record | |
parent | d8028b202bfe337200a0cc89b80983ea1838cb30 (diff) |
Try to be more consistent about the alerts we send
We are quite inconsistent about which alerts get sent. Specifically, these
alerts should be used (normally) in the following circumstances:
SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message
SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically
correct, but a parameter given is invalid for the context
SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and
semantically correct, but the parameters provided were unacceptable to us
(e.g. because we do not support the requested parameters)
SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure)
The standards themselves aren't always consistent but I think the above
represents the best interpretation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3480)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/ssl3_record.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index bafc976cde..85d726fb20 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -209,7 +209,7 @@ int ssl3_get_record(SSL *s) sslv2pkt = pkt; if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len) || !PACKET_get_1(&sslv2pkt, &type)) { - al = SSL_AD_INTERNAL_ERROR; + al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); goto f_err; } @@ -241,7 +241,7 @@ int ssl3_get_record(SSL *s) } if (thisrr->length < MIN_SSL2_RECORD_LEN) { - al = SSL_AD_HANDSHAKE_FAILURE; + al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -255,7 +255,7 @@ int ssl3_get_record(SSL *s) if (!PACKET_get_1(&pkt, &type) || !PACKET_get_net_2(&pkt, &version) || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { - al = SSL_AD_INTERNAL_ERROR; + al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); goto f_err; } |