Removed the GNUTLS_E_MAC_FAILED error. Now only GNUTLS_E_DECRYPTION_FAILED

error is used. That we don't leak any information about the result of a possible attack.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-02-09 11:10:08 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-02-09 11:10:08 +0000
commit: 4dbc6080aefa3c5f0afe1ccee42af58964f5f809 (patch)
tree: 39eac3c2b63adda5c040173f9f05d12329fb9ce4 /lib/gnutls_alert.c
parent: e3ac5900e75c8a93de2c90ac083a015598bfabb7 (diff)
download: gnutls-4dbc6080aefa3c5f0afe1ccee42af58964f5f809.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 8d9f18eed0..1aa4bd6e2e 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -76,11 +76,11 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert
 int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err) {
 int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
 	switch (err) { /* send appropriate alert */
-		case GNUTLS_E_MAC_FAILED:
-			ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC);
-			break;
 		case GNUTLS_E_DECRYPTION_FAILED:
-			ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECRYPTION_FAILED);
+			/* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+			 * it is not defined in SSL3.
+			 */
+			ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC);
 			break;
 		case GNUTLS_E_DECOMPRESSION_FAILED:
 			ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-02-09 11:10:08 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-02-09 11:10:08 +0000
commit	4dbc6080aefa3c5f0afe1ccee42af58964f5f809 (patch)
tree	39eac3c2b63adda5c040173f9f05d12329fb9ce4 /lib/gnutls_alert.c
parent	e3ac5900e75c8a93de2c90ac083a015598bfabb7 (diff)
download	gnutls-4dbc6080aefa3c5f0afe1ccee42af58964f5f809.tar.gz