authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-01-23 12:06:34 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-01-23 12:06:34 +0000
commit6cc79b52e53c5ee2973932c45e0886164ff2cc51 (patch)
tree8cad74a3c0c868f630a7ecc3243a81425f3db2fe
parent4fea021861d2c7e6275fefbad9750a8cd8fb471e (diff)
parentd9fa45cee17686fbf065ca5d99d0b0dc3d321c31 (diff)
downloadgnutls-6cc79b52e53c5ee2973932c45e0886164ff2cc51.tar.gz
Merge branch 'tmp-alerts-fix' into 'master'
Various alert-related fixes Closes #672 See merge request gnutls/gnutls!885
-rw-r--r--lib/alert.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/lib/alert.c b/lib/alert.c
index a7770da676..15f5183430 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -184,7 +184,7 @@ gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
* renegotiation will be performed.
*
* If there is no mapping to a valid alert the alert to indicate
- * internal error is returned.
+ * internal error (%GNUTLS_A_INTERNAL_ERROR) is returned.
*
* Returns: the alert code to use for a particular error code.
**/
@@ -257,6 +257,8 @@ int gnutls_error_to_alert(int err, int *level)
case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
case GNUTLS_E_UNWANTED_ALGORITHM:
case GNUTLS_E_NO_COMMON_KEY_SHARE:
+ case GNUTLS_E_ECC_NO_SUPPORTED_CURVES:
+ case GNUTLS_E_ECC_UNSUPPORTED_CURVE:
ret = GNUTLS_A_HANDSHAKE_FAILURE;
_level = GNUTLS_AL_FATAL;
break;
@@ -338,7 +340,7 @@ int gnutls_error_to_alert(int err, int *level)
/**
* gnutls_alert_send_appropriate:
* @session: is a #gnutls_session_t type.
- * @err: is an integer
+ * @err: is an error code returned by another GnuTLS function
*
* Sends an alert to the peer depending on the error code returned by
* a gnutls function. This function will call gnutls_error_to_alert()
@@ -347,8 +349,11 @@ int gnutls_error_to_alert(int err, int *level)
* This function may also return %GNUTLS_E_AGAIN, or
* %GNUTLS_E_INTERRUPTED.
*
- * If the return value is %GNUTLS_E_INVALID_REQUEST, then no alert has
- * been sent to the peer.
+ * This function historically was always sending an alert to the
+ * peer, even if @err was inappropriate to respond with an alert
+ * (e.g., %GNUTLS_E_SUCCESS). Since 3.6.6 this function returns
+ * success without transmitting any data on error codes that
+ * should not result to an alert.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
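Review bot: The new paragraph in the gnutls_alert_send_appropriate() doc comment does not say which values of @err are skipped, and with the %GNUTLS_E_INVALID_REQUEST sentence gone a caller can no longer tell from the return value whether an alert was actually transmitted. Going by the guard added in the following hunk, the text could name the cases: `Since 3.6.6 no alert is sent and success is returned when @err is non-fatal (other than %GNUTLS_E_REHANDSHAKE) or is %GNUTLS_E_FATAL_ALERT_RECEIVED.` The phrase "result to an alert" should also read "result in an alert". The comment block begins outside this hunk.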
@@ -358,10 +363,11 @@ int gnutls_alert_send_appropriate(gnutls_session_t session, int err)
int alert;
int level;
+ if (err != GNUTLS_E_REHANDSHAKE && (!gnutls_error_is_fatal(err) ||
+ err == GNUTLS_E_FATAL_ALERT_RECEIVED))
+ return gnutls_assert_val(0);
+
alert = gnutls_error_to_alert(err, &level);
- if (alert < 0) {
- return alert;
- }
return gnutls_alert_send(session, (gnutls_alert_level_t)level, alert);
}
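Review bot: The guard added at the top of gnutls_alert_send_appropriate() has no comment, and its two special cases are not obvious from the condition alone. I would put a comment above it along the lines of `/* Only fatal errors are answered with an alert; GNUTLS_E_REHANDSHAKE is the one non-fatal exception, and a fatal alert received from the peer is never answered with another alert. */`. The early return uses `return gnutls_assert_val(0);` on what is a normal no-op path, which presumably writes an assertion entry to the debug log each time a caller passes a non-fatal code; `return 0;` would avoid that if the logging is not intended. With the `if (alert < 0)` check removed, the function now depends on gnutls_error_to_alert() never returning a negative value, which matches its doc comment but cannot be confirmed from the part of its body shown here. The function's signature and opening brace are outside the hunk.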