Fix more alert codes

author Matt Caswell <matt@openssl.org>

Wed, 10 May 2017 15:47:24 +0000 (16:47 +0100)

committer Matt Caswell <matt@openssl.org>

Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
author Matt Caswell <matt@openssl.org>
Wed, 10 May 2017 15:47:24 +0000 (16:47 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 3f7fce0da0e77979c73368d0e1b99118fdff0809..2d7bcd3e11e841a73eb7e621d1240b4680622149 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1312,7 +1312,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
      }
  
      if (!PACKET_get_net_2(pkt, &group_id)) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
+        *al = SSL_AD_DECODE_ERROR;
          SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
          return 0;
      }
@@ -1322,7 +1322,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
          size_t i, num_curves;
  
          if (PACKET_remaining(pkt) != 0) {
-            *al = SSL_AD_HANDSHAKE_FAILURE;
+            *al = SSL_AD_DECODE_ERROR;
              SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
              return 0;
          }
@@ -1364,7 +1364,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
           * This isn't for the group that we sent in the original
           * key_share!
           */
-        *al = SSL_AD_HANDSHAKE_FAILURE;
+        *al = SSL_AD_ILLEGAL_PARAMETER;
          SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
          return 0;
      }
@@ -1465,13 +1465,13 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
      unsigned int identity;
  
      if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
+        *al = SSL_AD_DECODE_ERROR;
          SSLerr(SSL_F_TLS_PARSE_STOC_PSK, SSL_R_LENGTH_MISMATCH);
          return 0;
      }
  
      if (s->session->ext.tick_identity != (int)identity) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
+        *al = SSL_AD_ILLEGAL_PARAMETER;
          SSLerr(SSL_F_TLS_PARSE_STOC_PSK, SSL_R_BAD_PSK_IDENTITY);
          return 0;
      }
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index 6bff9d47d32d5ad50680c9d9011a7c16f9de539c..c1fec589eaff9ad05034d79683c92377e5829846 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1787,7 +1787,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
  
      if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
          x = NULL;
-        al = SSL3_AL_FATAL;
+        al = SSL_AD_INTERNAL_ERROR;
          SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
                 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
          goto f_err;
author	Matt Caswell <matt@openssl.org>
	Wed, 10 May 2017 15:47:24 +0000 (16:47 +0100)
committer	Matt Caswell <matt@openssl.org>
	Thu, 11 May 2017 12:13:04 +0000 (13:13 +0100)
ssl/statem/extensions_clnt.c		patch \| blob \| history
ssl/statem/statem_clnt.c		patch \| blob \| history