diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-09 11:10:08 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-09 11:10:08 +0000 |
commit | 4dbc6080aefa3c5f0afe1ccee42af58964f5f809 (patch) | |
tree | 39eac3c2b63adda5c040173f9f05d12329fb9ce4 /lib/gnutls_alert.c | |
parent | e3ac5900e75c8a93de2c90ac083a015598bfabb7 (diff) | |
download | gnutls-4dbc6080aefa3c5f0afe1ccee42af58964f5f809.tar.gz |
Removed the GNUTLS_E_MAC_FAILED error. Now only GNUTLS_E_DECRYPTION_FAILED
error is used. That we don't leak any information about the result of
a possible attack.
Diffstat (limited to 'lib/gnutls_alert.c')
-rw-r--r-- | lib/gnutls_alert.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index 8d9f18eed0..1aa4bd6e2e 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -76,11 +76,11 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err) { int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; switch (err) { /* send appropriate alert */ - case GNUTLS_E_MAC_FAILED: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); - break; case GNUTLS_E_DECRYPTION_FAILED: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECRYPTION_FAILED); + /* GNUTLS_A_DECRYPTION_FAILED is not sent, because + * it is not defined in SSL3. + */ + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); break; case GNUTLS_E_DECOMPRESSION_FAILED: ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE); |