Use OCSP-specific error code for clarity

author Dmitry Belyavskiy <beldmit@gmail.com>

Fri, 30 Apr 2021 09:27:19 +0000 (11:27 +0200)

committer Dmitry Belyavskiy <beldmit@gmail.com>

Sat, 1 May 2021 11:09:15 +0000 (13:09 +0200)
author Dmitry Belyavskiy <beldmit@gmail.com>
Fri, 30 Apr 2021 09:27:19 +0000 (11:27 +0200)
committer Dmitry Belyavskiy <beldmit@gmail.com>
Sat, 1 May 2021 11:09:15 +0000 (13:09 +0200)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt

index 517ebc0a010338b2368da58df81c38ba2559f96a..d3e29a555347185d59d701c2df29ee14b21c7c47 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1409,6 +1409,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
  SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
  SSL_R_NULL_SSL_CTX:195:null ssl ctx
  SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:305:ocsp callback failure
  SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
  SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
         old session compression algorithm not returned
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h

index 7fea8a87b77aafa877bc67ced3a6206a4e2df430..30d843cf2d202f8408381e1db77a02e4d001fe51 100644 (file)
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -203,6 +203,7 @@
  # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
  # define SSL_R_NULL_SSL_CTX                               195
  # define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OCSP_CALLBACK_FAILURE                      305
  # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
  # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
  # define SSL_R_OVERFLOW_ERROR                             237
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index 357cfc7d94a48624af8bf244ea0d1c7067332c61..347b263d6948a6740892c7c15337d2c8cdd45e11 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -312,6 +312,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
      "null ssl method passed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
+    "ocsp callback failure"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
      "old session cipher not returned"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index 2178be95bd96272b392d5844816fde776b81bcbb..dab4d1c4bc675aa3dad2ac5298cc0891a0f4ce9c 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2699,7 +2699,8 @@ int tls_process_initial_server_flight(SSL *s)
              return 0;
          }
          if (ret < 0) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_R_OCSP_CALLBACK_FAILURE);
              return 0;
          }
      }
author	Dmitry Belyavskiy <beldmit@gmail.com>
	Fri, 30 Apr 2021 09:27:19 +0000 (11:27 +0200)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Sat, 1 May 2021 11:09:15 +0000 (13:09 +0200)
crypto/err/openssl.txt		patch \| blob \| history
include/openssl/sslerr.h		patch \| blob \| history
ssl/ssl_err.c		patch \| blob \| history
ssl/statem/statem_clnt.c		patch \| blob \| history