return unexpected message when receiving kx with kDHr or kDHd
authorKurt Roeckx <kurt@roeckx.be>
Sat, 14 Mar 2015 23:26:26 +0000 (00:26 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Mon, 23 Mar 2015 20:08:20 +0000 (21:08 +0100)
It was saying that it was an illegal parameter / unsupported cipher

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c
ssl/ssl.h
ssl/ssl_err.c

index 81381ef..f4b60be 100644 (file)
@@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s)
 
         s->session->sess_cert->peer_dh_tmp = dh;
         dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
     }
 #endif                          /* !OPENSSL_NO_DH */
 
index 3a6f9fb..dec3abc 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
index 75ca684..5792906 100644 (file)
@@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "tls peer did not respond with certificate list"},
     {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
      "tls rsa encrypted value length is wrong"},
-    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
-     "tried to use unsupported cipher"},
     {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
     {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
      "unable to decode ecdh certs"},