Add Error state

Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-23 20:01:33 +0100
committer: Matt Caswell <matt@openssl.org> 2015-05-05 19:45:17 +0100
commit: a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a (patch)
tree: 85276802786a6d323b82c2ee95890bc24cb1ac88 /ssl/s3_srvr.c
parent: a28ef860be371e45f4818b22be378519538d70f9 (diff)
download: openssl-a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a399673b1..266952831c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -847,6 +847,7 @@ int ssl3_accept(SSL *s)
             goto end;
             /* break; */
 
+        case SSL_ST_ERR:
         default:
             SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
             ret = -1;
@@ -1444,8 +1445,10 @@ int ssl3_get_client_hello(SSL *s)
     if (0) {
  f_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    }
  err:
+        s->state = SSL_ST_ERR;
+    }
+
     sk_SSL_CIPHER_free(ciphers);
     return ret < 0 ? -1 : ret;
 }
author	Matt Caswell <matt@openssl.org>	2015-04-23 20:01:33 +0100
committer	Matt Caswell <matt@openssl.org>	2015-05-05 19:45:17 +0100
commit	a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a (patch)
tree	85276802786a6d323b82c2ee95890bc24cb1ac88 /ssl/s3_srvr.c
parent	a28ef860be371e45f4818b22be378519538d70f9 (diff)
download	openssl-a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a.tar.gz