git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Tue, 16 May 2017 16:28:23 +0000 (17:28 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 19 May 2017 07:47:08 +0000 (08:47 +0100)
commit	fb34a0f4e033246ef5f957bc57d2ebc904a519fc
tree	1db7d3e04ad02459db6fb04dd264cf7936dc34e4	tree \| snapshot
parent	d8028b202bfe337200a0cc89b80983ea1838cb30	commit \| diff

Try to be more consistent about the alerts we send

We are quite inconsistent about which alerts get sent. Specifically, these
alerts should be used (normally) in the following circumstances:

SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message
SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically
correct, but a parameter given is invalid for the context
SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and
semantically correct, but the parameters provided were unacceptable to us
(e.g. because we do not support the requested parameters)
SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure)

The standards themselves aren't always consistent but I think the above
represents the best interpretation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3480)

ssl/record/ssl3_record.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_rsa.c		diff \| blob \| history
ssl/ssl_sess.c		diff \| blob \| history
ssl/statem/extensions.c		diff \| blob \| history
ssl/statem/extensions_clnt.c		diff \| blob \| history
ssl/statem/extensions_srvr.c		diff \| blob \| history
ssl/statem/statem_clnt.c		diff \| blob \| history
ssl/statem/statem_dtls.c		diff \| blob \| history
ssl/statem/statem_lib.c		diff \| blob \| history
ssl/statem/statem_srvr.c		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history