diff options
| author | Tomas Mraz <tomas@openssl.org> | 2022-12-09 13:27:02 +0100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2022-12-13 10:11:53 +1100 |
| commit | f92b294563b31d59c30b6f50434482af2a00b625 (patch) | |
| tree | 28add4876d67d39f774b8ec4c23f43919218d190 /ssl | |
| parent | bb3a931f867b9c7bc47b27eb25e83994d95e73aa (diff) | |
Make error reason for disallowed legacy sigalg more specific
The internal error reason is confusing and indicating an error
in OpenSSL and not a configuration problem.
Fixes #19867
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)
(cherry picked from commit 97b8db1af2f71059ecea986e4d12fc6a23699a74)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_err.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 3 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 3 |
3 files changed, 6 insertions, 2 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 014eda06b1..41898844ff 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -225,6 +225,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "invalid status response"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), + "legacy sigalg disallowed or unsupported"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 3af7234342..3cd1ee2d3d 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2251,7 +2251,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); goto err; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 6937e3f80b..bcce73bcdc 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -442,7 +442,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto err; } } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED); goto err; } |