diff options
author | Matt Caswell <matt@openssl.org> | 2018-06-18 12:06:52 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-06-19 18:21:38 +0100 |
commit | fee33643a8aa64a8eb72ac92fd3a04d3aa7005d3 (patch) | |
tree | e47be11a0e8e1c1be4dddc02ce2a45687b7ce3ee /ssl | |
parent | c4fad5d348a5f57c4c08e63c444702c310ec891a (diff) |
Fix enable-ssl3 enable-ssl3-method
Commit 4aa5a5669 accidentally missed off the catch all case of ignoring all
warning alerts that are otherwise unhandled. This breaks the SSLv3 tests
which send a "no certificate" warning alert.
Fixes #6496
[extended tests]
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6509)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 75b506bd85..8d5b53fb39 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1573,6 +1573,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION); return -1; + } else if (alert_level == SSL3_AL_WARNING) { + /* We ignore any other warning alert in TLSv1.2 and below */ + goto start; } SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, |