Commit e440f513 authored by Matt Caswell

Give more information in the SSL_stateless return code



Allow users to distinguish between an error occurring and an HRR being
issued.

Fixes #5549

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5562)
parent 532f9578
+1 −0
@@ -2546,6 +2546,7 @@ SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified
SSL_R_NO_CIPHER_MATCH:185:no cipher match
SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method
SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified
SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\
	Peer haven't sent GOST certificate, required for selected ciphersuite
SSL_R_NO_METHOD_SPECIFIED:188:no method specified
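Review bot: SSL_R_NO_COOKIE_CALLBACK_SET (287) is registered here, but none of the hunks shown on this page raises it, so it is not visible which code path reports "no cookie callback set". If it is raised when SSL_stateless() is called without the cookie callbacks configured, the RETURN VALUES text should say that this case comes back as -1 with this reason on the error queue, so callers can tell a misconfiguration apart from a bad ClientHello.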
+3 −2
@@ -88,8 +88,9 @@ start.
=head1 RETURN VALUES

For SSL_stateless() a return value of 1 indicates success and the B<ssl> object
will be set up ready to continue the handshake. A return value of 0 indicates
failure. User code may retry the SSL_stateless() call.
will be set up ready to continue the handshake. A return value of 0 or -1
indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value
of -1 indicates any other error. User code may retry the SSL_stateless() call.

For DTLSv1_listen() a return value of >= 1 indicates success. The B<ssl> object
will be set up ready to continue the handshake.  the B<peer> value will also be
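Review bot: The new RETURN VALUES wording files a return of 0 under "failure" while also saying a HelloRetryRequest was sent, and the closing sentence "User code may retry the SSL_stateless() call" does not say which of the two values it applies to. Suggest describing 0 and -1 in separate sentences, without labelling the HelloRetryRequest case as a failure, and stating explicitly whether a retry is expected after 0, after -1, or both.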
+1 −0
@@ -587,6 +587,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_NO_CIPHER_MATCH                            185
# define SSL_R_NO_CLIENT_CERT_METHOD                      331
# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
# define SSL_R_NO_COOKIE_CALLBACK_SET                     287
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
# define SSL_R_NO_METHOD_SPECIFIED                        188
# define SSL_R_NO_PEM_EXTENSIONS                          389
+2 −0
@@ -952,6 +952,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
    "no client cert method"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED),
    "no compression specified"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET),
    "no cookie callback set"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
    "Peer haven't sent GOST certificate, required for selected ciphersuite"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED),
+4 −1
@@ -5352,7 +5352,10 @@ int SSL_stateless(SSL *s)
    if (ret > 0 && s->ext.cookieok)
        return 1;

    if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
        return 0;

    return -1;
}

void SSL_force_post_handshake_auth(SSL *ssl)
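Review bot: With the final `return -1`, errors that the previous documentation reported as 0 now come back as a non-zero value, so an existing caller written as `if (!SSL_stateless(s))` or `if (SSL_stateless(s))` will treat an error as success and carry on with the handshake. Suggest the man page tell callers to compare the result against 1 (or test `<= 0`) rather than test for truth, and that the change in return values be recorded in CHANGES.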