Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
alerts in the event of an error during the handshake.
12
src/ssl.c
12
src/ssl.c
@ -151,6 +151,8 @@
|
||||
* Enable default behaviour that is compatible with OpenSSL. For example
|
||||
* SSL_CTX by default doesn't verify the loaded certs. Enabling this
|
||||
* should make porting to new projects easier.
|
||||
* WOLFSSL_CHECK_ALERT_ON_ERR:
|
||||
* Check for alerts during the handshake in the event of an error.
|
||||
*/
|
||||
|
||||
#define WOLFSSL_EVP_INCLUDED
|
||||
@ -13258,7 +13260,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
#endif
|
||||
if (ssl->options.sendVerify) {
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -13277,7 +13281,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
#endif
|
||||
if (!ssl->options.resuming) {
|
||||
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -13293,7 +13299,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
|
||||
if (ssl->options.sendVerify) {
|
||||
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -13306,7 +13314,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
|
||||
case FIRST_REPLY_THIRD :
|
||||
if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -13317,7 +13327,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
|
||||
case FIRST_REPLY_FOURTH :
|
||||
if ( (ssl->error = SendFinished(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
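Review bot: The result of `ProcessReplyEx(ssl, 1)` is discarded in every guarded block of this section (after SendCertificate, SendClientKeyExchange, SendCertificateVerify, SendChangeCipher and SendFinished), and `ssl->error` is read again on the very next line. If ProcessReplyEx can itself write `ssl->error`, which these hunks do not show, the send failure that triggered the path may be replaced by whatever the read produced, and the page does not say which of the two the caller is meant to see. I would state that at the call site, for example `/* Best effort: pick up a pending alert from the peer; return value ignored on purpose. */`, and save and restore `ssl->error` around the call if the send error is the one that must be reported. The literal `1` also needs a word on what it enables, since this call parses peer-supplied records on an error path. The same pattern is in the three wolfSSL_connect_TLSv13 hunks further down; the enclosing functions start and end outside the hunks.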
@ -69,6 +69,8 @@
|
||||
* When only one PSK ID is used and only one call to the PSK callback can
|
||||
* be made per connect.
|
||||
* You cannot use wc_psk_client_cs_callback type callback on client.
|
||||
* WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
* Check for alerts during the handshake in the event of an error.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -8471,7 +8473,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
ssl->error = SendTls13Certificate(ssl);
|
||||
if (ssl->error != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -8490,7 +8494,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
if (!ssl->options.resuming && ssl->options.sendVerify) {
|
||||
ssl->error = SendTls13CertificateVerify(ssl);
|
||||
if (ssl->error != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
@ -8504,7 +8510,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
|
||||
case FIRST_REPLY_FOURTH:
|
||||
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
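Review bot: The header entry for WOLFSSL_CHECK_ALERT_ON_ERR in this section says only "Check for alerts during the handshake in the event of an error", but the guarded calls sit solely in wolfSSL_connect_TLSv13 and only after a failed send, so the option is narrower than the text suggests. A description such as `* On the client, after a handshake send fails, try to read a pending alert from the peer before returning the error. Not enabled unless defined.` would tell integrators that a build without the macro returns the send error without looking at the peer's alert. If the read can wait on a blocking socket when no alert is pending, which is not visible here, that caveat belongs in the entry too. The matching entry at the top of src/ssl.c would take the same wording.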