mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

give more meaningful error if presented with wrong certificate type by server

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-08-30 12:46:22 +00:00
parent 6206682a35
commit becfdb995b
3 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ssl/s3_clnt.c
View File

@ -1833,10 +1833,13 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
} }
else else
{ {
/* aNULL or kPSK do not need public keys */
if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
/* aNULL or kPSK do not need public keys */
{ {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); /* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s))
/* Otherwise this shouldn't happen */
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
/* still data left over */ /* still data left over */
@ -3334,6 +3337,16 @@ int ssl3_check_cert_and_algorithm(SSL *s)
return 1; return 1;
} }
} }
else if (alg_a & SSL_aECDSA)
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDSA_SIGNING_CERT);
goto f_err;
}
else if (alg_k & (SSL_kECDHr|SSL_kECDHe))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_ECDH_CERT);
goto f_err;
}
#endif #endif
pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);

2
ssl/ssl.h
View File

@ -2624,6 +2624,8 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164 #define SSL_R_MISSING_DH_RSA_CERT 164
#define SSL_R_MISSING_DSA_SIGNING_CERT 165 #define SSL_R_MISSING_DSA_SIGNING_CERT 165
#define SSL_R_MISSING_ECDH_CERT 382
#define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
#define SSL_R_MISSING_RSA_CERTIFICATE 168 #define SSL_R_MISSING_RSA_CERTIFICATE 168

2
ssl/ssl_err.c
View File

@ -431,6 +431,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
{ERR_REASON(SSL_R_MISSING_ECDH_CERT) ,"missing ecdh cert"},
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),"missing ecdsa signing cert"},
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},