Don't use decryption_failed alert for TLS v1.1 or later.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)
ssl/t1_enc.c

index 2b3fd30..c418d32 100644 (file)
@@ -757,6 +757,8 @@ int tls1_enc(SSL *s, int send)
                        {
                        if (l == 0 || l%bs != 0)
                                {
+                               if (s->version >= TLS1_1_VERSION)
+                                       return -1;
                                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;