Alert description strings for TLSv1 and documentation.

diff --git a/CHANGES b/CHANGES
index 835635980c0a8c1c166aa820b49d83cd686ccc21..aed1082915fd3ba96b5d3d472219773041f145cc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]
 
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
   *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
      for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
      [Lutz Jaenicke]

diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 2bb10ec8d0ed8fae18ed20f369f582cd80fc49a0..03981b8577801dac2801b4a1c6a35c6f3a54d0db 100644 (file)
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -675,6 +675,7 @@ L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
 L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
 L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
 L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
 L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
 L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
 L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,

diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 17b2e5d7214564c3634ce7c7e00cba686396b820..acca1da94af774c648494c5848e97750f21bbc60 100644 (file)
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -387,6 +387,18 @@ char *SSL_alert_desc_string(int value)
        case SSL3_AD_CERTIFICATE_EXPIRED:       str="CE"; break;
        case SSL3_AD_CERTIFICATE_UNKNOWN:       str="CU"; break;
        case SSL3_AD_ILLEGAL_PARAMETER:         str="IP"; break;
+       case TLS1_AD_DECRYPTION_FAILED          str="DC"; break;
+       case TLS1_AD_RECORD_OVERFLOW            str="RO"; break;
+       case TLS1_AD_UNKNOWN_CA                 str="CA"; break;
+       case TLS1_AD_ACCESS_DENIED              str="AD"; break;
+       case TLS1_AD_DECODE_ERROR               str="DE"; break;
+       case TLS1_AD_DECRYPT_ERROR              str="CY"; break;
+       case TLS1_AD_EXPORT_RESTRICTION         str="ER"; break;
+       case TLS1_AD_PROTOCOL_VERSION           str="PV"; break;
+       case TLS1_AD_INSUFFICIENT_SECURITY      str="IS"; break;
+       case TLS1_AD_INTERNAL_ERROR             str="IE"; break;
+       case TLS1_AD_USER_CANCELLED             str="US"; break;
+       case TLS1_AD_NO_RENEGOTIATION           str="NR"; break;
        default:                                str="UK"; break;
                }
        return(str);
@@ -434,6 +446,42 @@ char *SSL_alert_desc_string_long(int value)
        case SSL3_AD_ILLEGAL_PARAMETER:
                str="illegal parameter";
                break;
+       case TLS1_AD_DECRYPTION_FAILED
+               str="decryption failed";
+               break;
+       case TLS1_AD_RECORD_OVERFLOW
+               str="record overflow";
+               break;
+       case TLS1_AD_UNKNOWN_CA
+               str="unknown CA";
+               break;
+       case TLS1_AD_ACCESS_DENIED
+               str="access denied";
+               break;
+       case TLS1_AD_DECODE_ERROR
+               str="decode error";
+               break;
+       case TLS1_AD_DECRYPT_ERROR
+               str="decrypt error";
+               break;
+       case TLS1_AD_EXPORT_RESTRICTION
+               str="export restriction";
+               break;
+       case TLS1_AD_PROTOCOL_VERSION
+               str="protocol version";
+               break;
+       case TLS1_AD_INSUFFICIENT_SECURITY
+               str="insufficient security";
+               break;
+       case TLS1_AD_INTERNAL_ERROR
+               str="internal error";
+               break;
+       case TLS1_AD_USER_CANCELLED
+               str="user canceled";
+               break;
+       case TLS1_AD_NO_RENEGOTIATION
+               str="no renegotiation";
+               break;
        default: str="unknown"; break;
                }
        return(str);