diff options
Diffstat (limited to 'lib/gnutls_alert.c')
-rw-r--r-- | lib/gnutls_alert.c | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c new file mode 100644 index 0000000000..4548152ea9 --- /dev/null +++ b/lib/gnutls_alert.c @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2000,2001 Nikos Mavroyanopoulos + * + * This file is part of GNUTLS. + * + * GNUTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <gnutls_int.h> +#include <gnutls_errors.h> +#include <gnutls_alert.h> +#include <gnutls_record.h> + +/** + * gnutls_alert_send - This function sends an alert message to the peer + * @state: is a &GNUTLS_STATE structure. + * @level: is the level of the alert + * @desc: is the alert description + * + * This function will send an alert to the peer in order to inform + * him of something important (eg. his Certificate could not be verified). + * If the alert level is Fatal then the peer is expected to close the + * connection, otherwise he may ignore the alert and continue. + * Returns 0 on success. + * + **/ +int gnutls_alert_send( GNUTLS_STATE state, AlertLevel level, AlertDescription desc) +{ + uint8 data[2]; + int ret; + + data[0] = (uint8) level; + data[1] = (uint8) desc; + +#ifdef RECORD_DEBUG + _gnutls_log( "Record: Sending Alert[%d|%d] - %s\n", data[0], data[1], _gnutls_alert2str((int)data[1])); +#endif + + if ( (ret = gnutls_send_int( state, GNUTLS_ALERT, -1, data, 2)) >= 0) + return 0; + else + return ret; +} + +/* Sends the appropriate alert, depending + * on the error message. + */ +/** + * gnutls_alert_send_appropriate - This function sends an alert to the peer depending on the error code + * @state: is a &GNUTLS_STATE structure. + * @err: is an integer + * + * Sends an alert to the peer depending on the error code returned by a gnutls + * function. All alerts sent by this function are fatal, so connection should + * be considered terminated after calling this function. The only exception + * is when err == GNUTLS_E_REHANDSHAKE, then a warning alert is sent to + * the peer indicating the no renegotiation will be performed. + * + * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED. + * + * If the return value is GNUTLS_E_UNIMPLEMENTED_FEATURE, then no alert has + * been sent to the peer. + * + **/ +int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err) { +int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; + switch (err) { /* send appropriate alert */ + case GNUTLS_E_MAC_FAILED: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); + break; + case GNUTLS_E_DECRYPTION_FAILED: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECRYPTION_FAILED); + break; + case GNUTLS_E_DECOMPRESSION_FAILED: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE); + break; + case GNUTLS_E_ILLEGAL_PARAMETER: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_ILLEGAL_PARAMETER); + break; + case GNUTLS_E_ASN1_PARSING_ERROR: + case GNUTLS_E_NO_CERTIFICATE_FOUND: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); + break; + case GNUTLS_E_UNKNOWN_CIPHER_SUITE: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_HANDSHAKE_FAILURE); + break; + case GNUTLS_E_UNEXPECTED_PACKET: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); + break; + case GNUTLS_E_REHANDSHAKE: + ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); + break; + case GNUTLS_E_UNSUPPORTED_VERSION_PACKET: + ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_PROTOCOL_VERSION); + break; + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: + ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_RECORD_OVERFLOW); + break; + } + return ret; +} + +/** + * gnutls_alert_get_last - Returns the last alert number received. + * @state: is a &GNUTLS_STATE structure. + * + * Returns the last alert number received. This function + * should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or + * GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls function. + * The peer may send alerts if he thinks some things were not + * right. Check gnutls.h for the available alert descriptions. + **/ +AlertDescription gnutls_alert_get_last( GNUTLS_STATE state) { + return state->gnutls_internals.last_alert; +} |