Revert "Abort on unrecognised warning alerts"
author Matt Caswell <matt@openssl.org>
Thu, 15 Sep 2016 19:43:16 +0000 (20:43 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 15 Sep 2016 21:51:06 +0000 (22:51 +0100)
This reverts commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533.

There were some unexpected side effects to this commit, e.g. in SSLv3 a
warning alert gets sent "no_certificate" if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/record/rec_layer_s3.c

index aa148ba490e55957f6c96fcc032e47d6b9220bb5..46870c054b82b9ba1ac2365bed6d1cb1d36e72cf 100644 (file)
@@ -1351,15 +1351,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                 goto f_err;
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
-            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
-                return 0;
-            }
+            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                return (0);
 #endif
-            else {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-                goto f_err;
-            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];
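
Review bot: With the trailing `else { ... goto f_err; }` removed from the end of the warning-alert chain, a warning alert whose description matches none of the earlier branches is accepted silently again, and nothing in the code says that this is deliberate. A short comment at that spot naming the SSLv3 "no_certificate" case from the commit message would keep a later change from reintroducing the abort without handling it first. A regression test that sends that warning during Client Auth and checks the connection survives would pin the behaviour down for the rethink. On style, the restored `return (0);` without braces differs from the `return 0;` form being removed; since the two are equivalent, keeping the braced `return 0;` and dropping only the `else` block would make the revert smaller and leave the `#ifdef SSL_AD_MISSING_SRP_USERNAME` branch untouched.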