authorMatt Caswell <matt@openssl.org>2016-09-12 11:04:51 +0100
committerMatt Caswell <matt@openssl.org>2016-09-13 11:53:54 +0100
commit4bc54bf8b45ca0997ab6ffb13cc32b3ae1979ccc (patch)
tree6ecae9fb9530521c6e2210dc38f4594a3c0dd98d /ssl
parent469f593170d9170da632bb0afd634e971c3234e7 (diff)
Abort on unrecognised warning alerts
A peer continually sending unrecognised warning alerts could mean that we make no progress on a connection. We should abort rather than continuing if we receive an unrecognised warning alert. Thanks to Shi Lei for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/rec_layer_s3.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 46870c054b..aa148ba490 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,9 +1351,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto f_err;
}
#ifdef SSL_AD_MISSING_SRP_USERNAME
- else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
- return (0);
+ else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
+ return 0;
+ }
#endif
+ else {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+ goto f_err;
+ }
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
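Review bot: The new `else` branch aborts only on warning descriptors that no earlier branch in this chain matched, so a peer repeating a warning that an earlier branch accepts could presumably still keep ssl3_read_bytes from making progress. Those branches begin above the hunk and the function continues below it, so this needs checking against the full body. If any recognised warning simply loops back to read the next record, a per-connection cap on consecutive warning alerts would close the same stall. The branch should also carry a comment stating its intent, for example `/* Unrecognised warning alert: abort, or a peer can stall the connection by sending these indefinitely */`. It is also worth noting there that `SSL_AD_HANDSHAKE_FAILURE` is the alert sent back even if this path is reached after the handshake has completed.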