WOLFSSL_CHECK_ALERT_ON_ERR: ignore non fatal errors
@@ -22292,17 +22292,6 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr)
|
||||
return ssl->error;
|
||||
}
|
||||
|
||||
/* If checking alert on error (allowSocketErr == 1) do not try and
|
||||
* process alerts for async or ocsp non blocking */
|
||||
#if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \
|
||||
(defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP))
|
||||
if (allowSocketErr == 1 && \
|
||||
(ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) ||
|
||||
ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
|
||||
return ssl->error;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_ASYNC_CRYPT)
|
||||
/* process any pending DTLS messages - this flow can happen with async */
|
||||
if (ssl->dtls_rx_msg_list != NULL) {
|
||||
@@ -42524,6 +42513,34 @@ int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx,
|
||||
|
||||
#endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */
|
||||
|
||||
#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
|
||||
/* Do not try to process error for async, non blocking io, and app_read */
|
||||
void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err)
|
||||
{
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_NONBLOCK_OCSP)
|
||||
if (err == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
#if defined(WOLFSSL_EARLY_DATA)
|
||||
if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) {
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
if (err == WC_NO_ERR_TRACE(WANT_WRITE) ||
|
||||
err == WC_NO_ERR_TRACE(WANT_READ)) {
|
||||
return;
|
||||
}
|
||||
/* check if an alert was sent */
|
||||
ProcessReplyEx(ssl, 1);
|
||||
}
|
||||
#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */
|
||||
|
||||
#undef ERROR_OUT
|
||||
|
||||
#endif /* !WOLFCRYPT_ONLY */
|
||||
|
||||
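Review bot: The WC_PENDING_E / OCSP_WANT_READ guard deleted from DoProcessReplyEx in the first hunk now exists only inside wolfSSL_maybeCheckAlertOnErr, so it protects only callers that go through this helper. Any remaining direct `ProcessReplyEx(ssl, 1)` call would reach record processing with an async or non-blocking OCSP operation still pending; none is visible on this page, so the tree should be searched for one before merging. The one-line comment above the function should state that contract, for example `/* After a failed handshake send, read once to see whether the peer sent an alert; skipped for retryable codes. All allowSocketErr == 1 reads must go through here. */`. The result of the final call is dropped silently; `(void)ProcessReplyEx(ssl, 1);` would show that only the side effect is wanted.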
29
src/ssl.c
29
src/ssl.c
@@ -10592,7 +10592,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (ssl->options.sendVerify) {
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -10613,7 +10613,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (!ssl->options.resuming) {
|
||||
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
#ifdef WOLFSSL_EXTRA_ALERTS
|
||||
if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) ||
|
||||
@@ -10644,7 +10644,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (ssl->options.sendVerify) {
|
||||
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -10659,7 +10659,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
case FIRST_REPLY_THIRD :
|
||||
if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -10672,7 +10672,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
case FIRST_REPLY_FOURTH :
|
||||
if ( (ssl->error = SendFinished(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11052,7 +11052,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
}
|
||||
if ( (ssl->error = SendServerHello(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11071,7 +11071,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendCertificate(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11086,7 +11086,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11105,7 +11105,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11120,8 +11120,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (ssl->options.verifyPeer) {
|
||||
if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
/* See if an alert was sent. */
|
||||
ProcessReplyEx(ssl, 1);
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11141,7 +11140,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (!ssl->options.resuming)
|
||||
if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11182,7 +11181,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
if (ssl->options.createTicket && !ssl->options.noTicketTls12) {
|
||||
if ( (ssl->error = SendTicket(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_MSG("Thought we need ticket but failed");
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
@@ -11203,7 +11202,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
|
||||
if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -11215,7 +11214,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
case CHANGE_CIPHER_SENT :
|
||||
if ( (ssl->error = SendFinished(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
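Review bot: Every converted call site here, and in the wolfSSL_connect_TLSv13 hunks below, passes `ssl->error` as the second argument, so the `err` parameter carries nothing the helper could not read from `ssl` itself. Unless a caller outside this page needs a different code, a single-argument form, `wolfSSL_maybeCheckAlertOnErr(ssl);`, would remove the chance of a future call site passing a stale or unrelated value and skipping, or wrongly performing, the alert read. The enclosing handshake functions start and end outside these hunks.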
@@ -13548,7 +13548,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
ssl->error = SendTls13Certificate(ssl);
|
||||
if (ssl->error != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -13570,7 +13570,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
ssl->error = SendTls13CertificateVerify(ssl);
|
||||
if (ssl->error != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
@@ -13586,7 +13586,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
|
||||
case FIRST_REPLY_FOURTH:
|
||||
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
|
||||
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
|
||||
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
|
||||
wolfSSL_maybeCheckAlertOnErr(ssl, ssl->error);
|
||||
#endif
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
@@ -7240,6 +7240,10 @@ WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
|
||||
word32* keySz);
|
||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#if defined(WOLFSSL_CHECK_ALERT_ON_ERR)
|
||||
WOLFSSL_LOCAL void wolfSSL_maybeCheckAlertOnErr(WOLFSSL* ssl, int err);
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||