Commit 77a6be4d authored by Matt Caswell's avatar Matt Caswell

Abort on unrecognised warning alerts



A peer continually sending unrecognised warning alerts could mean that we
make no progress on a connection. We should abort rather than continuing if
we receive an unrecognised warning alert.

Thanks to Shi Lei for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent c0f9e23c
+8 −2
@@ -1351,9 +1351,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                goto f_err;
            }
#ifdef SSL_AD_MISSING_SRP_USERNAME
            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
                return (0);
            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
                return 0;
            }
#endif
            else {
                al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
                goto f_err;
            }
        } else if (alert_level == SSL3_AL_FATAL) {
            char tmp[16];
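Review bot: The new `else` branch that turns an unrecognised warning into a fatal handshake_failure carries no comment saying why a warning-level alert is escalated, and a later reader could relax it back to "ignore". I would add one above the branch, for example `/* Unknown warning alert: abort, otherwise a peer can stall the connection by repeating it */`. The branch only covers descriptions that the earlier `if`/`else if` arms do not recognise; those arms start above the hunk, so it cannot be told from here whether a peer repeating a recognised warning is bounded in any way. If it is not, a cap on consecutive warning alerts per connection would be a sensible follow-up. ssl3_read_bytes begins and ends outside the hunk.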