This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
[openssl.git] / ssl / s3_pkt.c
index e0b13d99b99b195f983874ceefcdd9abd806bb21..616698f70aa027e6a17ec4a2cd9ffc9e87640b24 100644 (file)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -730,7 +730,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
        int al,i,j,ret;
        unsigned int n;
        SSL3_RECORD *rr;
-       void (*cb)()=NULL;
+       void (*cb)(const SSL *ssl,int type2,int val)=NULL;
 
        if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
                if (!ssl3_setup_buffers(s))
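Review bot: The info-callback pointer type is now spelled out inline at the `cb` declaration, and again in ssl3_dispatch_alert with a different parameter name (`type2` here, `type` there). A single typedef shared by both locals and the `info_callback` field, with a name such as `typedef void (*ssl_info_cb_t)(const SSL *ssl,int type,int val);`, would keep them from drifting apart. The field's declared type is not visible here, but a mismatch would make the later call through `cb` undefined behaviour. Parameter names in a declarator have prototype scope, so `type2` is not needed to avoid clashing with the function's own `type` parameter. ssl3_read_bytes continues outside the hunk.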
@@ -911,6 +911,9 @@ start:
                        goto err;
                        }
 
+               if (s->msg_callback)
+                       s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
+
                if (SSL_is_init_finished(s) &&
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
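Review bot: The literal arguments in the added `s->msg_callback(0, ..., 4, ...)` call are unexplained, and the same pattern recurs in the alert, ChangeCipherSpec and ssl3_dispatch_alert hunks with lengths `2` and `1` and a leading `1` on the send path. A short comment would help, e.g. `/* first arg: 0 = received, 1 = sent; 4 = handshake header bytes held in handshake_fragment */`, where the direction meaning is inferred from only the dispatch path passing `1`. The callback is also handed a pointer into the connection's live `s->s3->handshake_fragment` buffer. If the callback prototype (not visible here) does not take it as `const`, the contract should say that callbacks must not modify or retain it. The enclosing block starts and ends outside the hunk.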
@@ -956,6 +959,9 @@ start:
 
                s->s3->alert_fragment_len = 0;
 
+               if (s->msg_callback)
+                       s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
+
                if (s->info_callback != NULL)
                        cb=s->info_callback;
                else if (s->ctx->info_callback != NULL)
@@ -1019,6 +1025,10 @@ start:
                        }
 
                rr->length=0;
+
+               if (s->msg_callback)
+                       s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
+
                s->s3->change_cipher_spec=1;
                if (!do_change_cipher_spec(s))
                        goto err;
@@ -1077,6 +1087,7 @@ start:
                /* TLS just ignores unknown message types */
                if (s->version == TLS1_VERSION)
                        {
+                       rr->length = 0;
                        goto start;
                        }
 #endif
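Review bot: The added `rr->length = 0;` has no comment saying why it must precede `goto start`; something like `/* mark record as consumed so 'start' reads a fresh one instead of re-processing it */` would record the intent, which is inferred here from the jump back to `start`. Separately, this path discards unknown record types with no limit, so a peer can keep the read loop occupied with ignored records for as long as it likes. Consider counting consecutive ignored records and failing the connection past a threshold. The surrounding block starts outside the hunk.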
@@ -1177,6 +1188,8 @@ void ssl3_send_alert(SSL *s, int level, int desc)
        {
        /* Map tls/ssl alert value to correct one */
        desc=s->method->ssl3_enc->alert_value(desc);
+       if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+               desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
        if (desc < 0) return;
        /* If a fatal one, remove from cache */
        if ((level == 2) && (s->session != NULL))
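Review bot: The new SSL 3.0 check compares `desc` with `SSL_AD_PROTOCOL_VERSION` after `alert_value()` has already translated it, so it only fires when the mapping returns that constant unchanged. Doing the substitution before the mapping call, `if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE;`, would make it independent of what each method's `alert_value` returns (those tables are not visible here). The trailing comment would also read better on its own line above the `if`. ssl3_send_alert continues outside the hunk.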
@@ -1194,7 +1207,7 @@ void ssl3_send_alert(SSL *s, int level, int desc)
 int ssl3_dispatch_alert(SSL *s)
        {
        int i,j;
-       void (*cb)()=NULL;
+       void (*cb)(const SSL *ssl,int type,int val)=NULL;
 
        s->s3->alert_dispatch=0;
        i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
@@ -1210,6 +1223,9 @@ int ssl3_dispatch_alert(SSL *s)
                if (s->s3->send_alert[0] == SSL3_AL_FATAL)
                        (void)BIO_flush(s->wbio);
 
+               if (s->msg_callback)
+                       s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
+
                if (s->info_callback != NULL)
                        cb=s->info_callback;
                else if (s->ctx->info_callback != NULL)