Commit 0a925187 authored by Paul Bakker's avatar Paul Bakker

- Report unexpected_message if unknown record type is received

parent 6f3578cf
......@@ -695,6 +695,19 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
*/
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
/**
* \brief Send an alert message
*
* \param ssl SSL context
* \param level The alert level of the message
* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
* \param message The alert message (SSL_ALERT_MSG_*)
*
* \return 1 if successful, or a specific SSL error code.
*/
int ssl_send_alert_message( ssl_context *ssl,
unsigned char level,
unsigned char message );
/**
* \brief Notify the peer that the connection is being closed
*
......
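Review bot: The `\return` line in the new ssl_send_alert_message doc comment says 1 on success, but the definition added in this same commit ends with `return( 0 );`, and the new caller in ssl_read_record treats any non-zero result as a failure. An application that follows the header and tests for 1 would treat every successfully sent alert as an error. The line should read `* \return 0 if successful, or a specific SSL error code.`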
......@@ -1359,6 +1359,22 @@ int ssl_read_record( ssl_context *ssl )
}
}
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
ssl->in_msgtype != SSL_MSG_ALERT &&
ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
if( ( ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
{
return( ret );
}
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
{
ssl->in_hslen = 4;
......@@ -1421,6 +1437,30 @@ int ssl_read_record( ssl_context *ssl )
return( 0 );
}
int ssl_send_alert_message( ssl_context *ssl,
unsigned char level,
unsigned char message )
{
int ret;
SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
ssl->out_msgtype = SSL_MSG_ALERT;
ssl->out_msglen = 2;
ssl->out_msg[0] = level;
ssl->out_msg[1] = message;
if( ( ret = ssl_write_record( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret );
}
SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
return( 0 );
}
/*
* Handshake functions
*/
......
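Review bot: In the unknown-record-type branch of ssl_read_record, a failure to send the alert makes the function return the error from ssl_send_alert_message instead of POLARSSL_ERR_SSL_INVALID_RECORD, so the caller of a read function gets a write-side error and never learns that the peer sent an invalid record. If ssl_write_record can return a retryable code under non-blocking I/O (not visible here), the caller might retry the read on a connection that should be torn down. One option is to treat the alert as best effort, since the failure is already logged by `SSL_DEBUG_RET( 1, "ssl_write_record", ret );`, and always end the branch with `return( POLARSSL_ERR_SSL_INVALID_RECORD );`. If the current precedence is intended, a comment such as `/* alert could not be sent: report the transport error instead */` above `return( ret );` would make that explicit. The body of ssl_read_record starts and ends outside this hunk, so any handling further up the function is not visible.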