From 513ea4d38a9c672718e64c5fb6374b96370abb6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Mon, 8 Dec 2014 17:31:37 -0300 Subject: [PATCH] add SNI_UNSUPPORTED for better handling SSL 3.0 buffers on CyaSSL_SNI_GetFromBuffer() --- cyassl/error-ssl.h | 1 + src/tls.c | 2 +- tests/api.c | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cyassl/error-ssl.h b/cyassl/error-ssl.h index 0cd3dea84..0745529ad 100644 --- a/cyassl/error-ssl.h +++ b/cyassl/error-ssl.h @@ -126,6 +126,7 @@ enum CyaSSL_ErrorCodes { NO_CHANGE_CIPHER_E = -393, /* Finished before change cipher */ SANITY_MSG_E = -394, /* Sanity check on msg order error */ DUPLICATE_MSG_E = -395, /* Duplicate message error */ + SNI_UNSUPPORTED = -396, /* SSL 3.0 does not support SNI */ /* add strings to SetErrorString !!!!! */ diff --git a/src/tls.c b/src/tls.c index 6c555175b..e40398f58 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1108,7 +1108,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, return BUFFER_ERROR; if (clientHello[offset++] < TLSv1_MINOR) - return BUFFER_ERROR; + return SNI_UNSUPPORTED; ato16(clientHello + offset, &len16); offset += OPAQUE16_LEN; diff --git a/tests/api.c b/tests/api.c index adb4797d8..4e09e2115 100644 --- a/tests/api.c +++ b/tests/api.c @@ -921,8 +921,8 @@ static void test_CyaSSL_SNI_GetFromBuffer(void) 0, result, &length)); buffer[1] = 0x03; - AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), - 0, result, &length)); + AssertIntEQ(SNI_UNSUPPORTED, CyaSSL_SNI_GetFromBuffer(buffer, + sizeof(buffer), 0, result, &length)); buffer[2] = 0x03; AssertIntEQ(INCOMPLETE_DATA, CyaSSL_SNI_GetFromBuffer(buffer,