The branch OpenSSL_1_0_2-stable has been updated via 502fcc67cccda4d997fc121eae4f2789f50adae6 (commit) from 15c088e4cf8411ffcb2f3187942aea178cc0919c (commit)
- Log ----------------------------------------------------------------- commit 502fcc67cccda4d997fc121eae4f2789f50adae6 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 15 20:53:09 2016 +0100 Revert "Abort on unrecognised warning alerts" This reverts commit 15d81749322c3498027105f8ee44e8c25479d475. There were some unexpected side effects to this commit, e.g. in SSLv3 a warning alert gets sent "no_certificate" if a client does not send a Certificate during Client Auth. With the above commit this causes the connection to abort, which is incorrect. There may be some other edge cases like this so we need to have a rethink on this. Reviewed-by: Tim Hudson <t...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/s3_pkt.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 91f0c58..df124cf 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1462,13 +1462,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } #ifdef SSL_AD_MISSING_SRP_USERNAME else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) - return 0; + return (0); #endif - else { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits