diff options
| author | Matt Caswell <matt@openssl.org> | 2018-07-30 10:13:14 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-07-31 10:31:50 +0200 |
| commit | 43a0f2733a943799060ea275516fcce00d89eb38 (patch) | |
| tree | f306c49491086a35ac38767945b1a026006191ce /ssl/ssl_err.c | |
| parent | Deprecate the EC curve type specific functions in 1.2.0 (diff) | |
| download | openssl-43a0f2733a943799060ea275516fcce00d89eb38.tar.xz openssl-43a0f2733a943799060ea275516fcce00d89eb38.zip | |
Fix some TLSv1.3 alert issues
Ensure that the certificate required alert actually gets sent (and doesn't
get translated into handshake failure in TLSv1.3).
Ensure that proper reason codes are given for the new TLSv1.3 alerts.
Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left
over from an earlier TLSv1.3 draft that is no longer used.
Fixes #6804
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6809)
Diffstat (limited to 'ssl/ssl_err.c')
| -rw-r--r-- | ssl/ssl_err.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index d3e805636f..11331ce41f 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1137,6 +1137,10 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), "ssl session version mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), + "tlsv13 alert certificate required"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), + "tlsv13 alert missing extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), |