Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for alerts in the event of an error during the handshake.
Hayden Roche
2021-08-09 20:03:07 -07:00
parent ef5510cbcc
commit fdc350fb52
2 changed files with 20 additions and 0 deletions


@ -151,6 +151,8 @@
* Enable default behaviour that is compatible with OpenSSL. For example
* SSL_CTX by default doesn't verify the loaded certs. Enabling this
* should make porting to new projects easier.
* WOLFSSL_CHECK_ALERT_ON_ERR:
* Check for alerts during the handshake in the event of an error.
*/
#define WOLFSSL_EVP_INCLUDED
@ -13258,7 +13260,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificate(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -13277,7 +13281,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif
if (!ssl->options.resuming) {
if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -13293,7 +13299,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
if (ssl->options.sendVerify) {
if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -13306,7 +13314,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
case FIRST_REPLY_THIRD :
if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -13317,7 +13327,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
case FIRST_REPLY_FOURTH :
if ( (ssl->error = SendFinished(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
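Review bot: Each added `ProcessReplyEx(ssl, 1)` call in this file — after SendCertificate, SendClientKeyExchange, SendCertificateVerify, SendChangeCipher and SendFinished — runs for every non-zero `ssl->error` from the send and discards its return value. In non-blocking builds the Send* functions appear to surface WANT_WRITE through this same `return WOLFSSL_FATAL_ERROR` path, so the new code would attempt a read on a socket the caller is about to poll for writability, and if ProcessReplyEx records its own result in `ssl->error` the value handed to `WOLFSSL_ERROR(ssl->error)` and later returned by wolfSSL_get_error would no longer be the send failure — worth confirming against ProcessReplyEx. Gating the call keeps the existing non-blocking contract: `if (ssl->error != WANT_WRITE) { ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ }`. The second argument `1` is also unexplained at the call site; the comment should say what it permits (it looks like an allow-socket-error flag, but that is an inference). The enclosing function (apparently wolfSSL_connect, given the FIRST_REPLY_* cases) starts and ends outside these hunks; the `wolfSSL_DTLS_SetCookieSecret` in the hunk headers is stale context.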


@ -69,6 +69,8 @@
* When only one PSK ID is used and only one call to the PSK callback can
* be made per connect.
* You cannot use wc_psk_client_cs_callback type callback on client.
* WOLFSSL_CHECK_ALERT_ON_ERR
* Check for alerts during the handshake in the event of an error.
*/
#ifdef HAVE_CONFIG_H
@ -8471,7 +8473,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13Certificate(ssl);
if (ssl->error != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -8490,7 +8494,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl);
if (ssl->error != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
@ -8504,7 +8510,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
case FIRST_REPLY_FOURTH:
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
#endif
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
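Review bot: The three-line `#ifdef WOLFSSL_CHECK_ALERT_ON_ERR` block after SendTls13Certificate, SendTls13CertificateVerify and SendTls13Finished is the same text as the five copies in ssl.c, so the policy of when to read for an alert and what to do with ProcessReplyEx's result is now spread over eight call sites. A single helper declared next to ProcessReplyEx and called unconditionally would let that policy (e.g. skipping a non-fatal WANT_WRITE, or checking the read's result) change in one place. Minor: the option-list entry here reads `* WOLFSSL_CHECK_ALERT_ON_ERR` while ssl.c writes it with a trailing colon; pick one form. wolfSSL_connect_TLSv13 starts and ends outside these hunks.
```c
/* Optional alert check after a failed handshake send. With
 * WOLFSSL_CHECK_ALERT_ON_ERR defined, read the peer's reply so a pending
 * alert is processed before the send error is reported. The read's result is
 * deliberately ignored; ssl->error is expected to still hold the send failure
 * afterwards (confirm ProcessReplyEx does not overwrite it). No-op otherwise. */
void CheckAlertOnSendErr(WOLFSSL* ssl)
{
#ifdef WOLFSSL_CHECK_ALERT_ON_ERR
    if (ssl->error != WANT_WRITE) {
        (void)ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
    }
#else
    (void)ssl;
#endif
}

/* … unchanged: case FIRST_REPLY_FOURTH … */
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
    CheckAlertOnSendErr(ssl);
    WOLFSSL_ERROR(ssl->error);
    return WOLFSSL_FATAL_ERROR;
}
```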