Don't allow too many consecutive warning alerts

Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-09-21 14:07:31 +0100
committer: Matt Caswell <matt@openssl.org> 2016-09-21 20:17:04 +0100
commit: af58be768ebb690f78530f796e92b8ae5c9a4401 (patch)
tree: 087701bd731382d1933438bcd73cb7029264e16b /ssl/ssl_err.c
parent: 7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646 (diff)
download: openssl-af58be768ebb690f78530f796e92b8ae5c9a4401.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index bba7cdb7f7..ec550be4ba 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -617,6 +617,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
      "tls illegal exporter label"},
     {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
      "tls invalid ecpointformat list"},
+    {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
     {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
      "unable to find ecdh parameters"},
     {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
author	Matt Caswell <matt@openssl.org>	2016-09-21 14:07:31 +0100
committer	Matt Caswell <matt@openssl.org>	2016-09-21 20:17:04 +0100
commit	af58be768ebb690f78530f796e92b8ae5c9a4401 (patch)
tree	087701bd731382d1933438bcd73cb7029264e16b /ssl/ssl_err.c
parent	7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646 (diff)
download	openssl-af58be768ebb690f78530f796e92b8ae5c9a4401.tar.gz