diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-03-19 16:42:09 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-03-19 16:42:09 +0000 |
commit | 11c26ecf810bbeb0293921b86cd75f61809947b0 (patch) | |
tree | 770a615f9057d60a39d69477694347e1c4d5634a | |
parent | 99d5b23023a9190f3cea08713e6ec0c7640e7650 (diff) | |
download | openssl-11c26ecf810bbeb0293921b86cd75f61809947b0.zip openssl-11c26ecf810bbeb0293921b86cd75f61809947b0.tar.gz openssl-11c26ecf810bbeb0293921b86cd75f61809947b0.tar.bz2 |
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | ssl/s3_both.c | 7 |
2 files changed, 11 insertions, 0 deletions
@@ -41,6 +41,10 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + *) Map new X509 verification errors to alerts. Discovered and submitted by + Tom Wu <tom@arcot.com>. + [Lutz Jaenicke] + *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from returning non-zero before the data has been completely received when using non-blocking I/O. diff --git a/ssl/s3_both.c b/ssl/s3_both.c index c69e8d2..89b54b7 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -548,6 +548,8 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_CERT_REJECTED: al=SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: @@ -569,11 +571,16 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: al=SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: al=SSL_AD_HANDSHAKE_FAILURE; break; + case X509_V_ERR_INVALID_PURPOSE: + al=SSL_AD_UNSUPPORTED_CERTIFICATE; + break; default: al=SSL_AD_CERTIFICATE_UNKNOWN; break; |