Commit 672f3337 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix SSLv3 alert if no Client Ceritifcate sent after a request for one 



In TLS if the server sends a CertificateRequest and the client does not
provide one, if the server cannot continue it should send a
HandshakeFailure alert. In SSLv3 the same should happen, but instead we
were sending an UnexpectedMessage alert. This is incorrect - the message
isn't unexpected - it is valid for the client not to send one - its just
that we cannot continue without one.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 10e6d235

ssl/statem/statem.c

+1 −2
Original line number Diff line number Diff line
@@ -531,8 +531,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { 
             * to that state if so

             */

            if(!transition(s, mt)) {

                ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);

                SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);

                ossl_statem_set_error(s);

                return SUB_STATE_ERROR;

            }

ssl/statem/statem_clnt.c

+7 −4
Original line number Diff line number Diff line
@@ -175,7 +175,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
            } else {

                ske_expected = key_exchange_expected(s);

                if (ske_expected < 0)

                    return 0;

                    goto err;

                /* SKE is optional for some PSK ciphersuites */

                if (ske_expected

                        || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
@@ -210,7 +210,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
    case TLS_ST_CR_CERT_STATUS:

        ske_expected = key_exchange_expected(s);

        if (ske_expected < 0)

            return 0;

            goto err;

        /* SKE is optional for some PSK ciphersuites */

        if (ske_expected

                || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
@@ -219,7 +219,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
                st->hand_state = TLS_ST_CR_KEY_EXCH;

                return 1;

            }

            return 0;

            goto err;

        }

        /* Fall through */
@@ -229,7 +229,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
                st->hand_state = TLS_ST_CR_CERT_REQ;

                return 1;

            }

            return 0;

            goto err;

        }

        /* Fall through */
@@ -270,7 +270,10 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
        break;

    }



 err:

    /* No valid transition found */

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);

    SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);

    return 0;

}

ssl/statem/statem_srvr.c

+13 −0
Original line number Diff line number Diff line
@@ -114,6 +114,17 @@ int ossl_statem_server_read_transition(SSL *s, int mt) 
                return 1;

            }

        }

        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE && s->s3->tmp.cert_request

                && s->version == SSL3_VERSION) {

            /*

             * This isn't an unexpected message as such - we're just not going

             * to accept it.

             */

            ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_HANDSHAKE_FAILURE);

            SSLerr(SSL_F_READ_STATE_MACHINE,

                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);

            return 0;

        }

        break;



    case TLS_ST_SR_CERT:
@@ -197,6 +208,8 @@ int ossl_statem_server_read_transition(SSL *s, int mt) 
    }



    /* No valid transition found */

    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);

    SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);

    return 0;

}