yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ssl_write_handshake_msg(): Allow alert on client-side SSLv3

Browse source 
In SSLv3, the client sends a NoCertificate alert in response to
a CertificateRequest if it doesn't have a CRT. This previously
lead to failure in ssl_write_handshake_msg() which only accepted
handshake or CCS records.
This commit is contained in:
Hanno Becker 2018-08-22 16:05:47 +01:00
parent 11682ccc78
commit 2c98db2478
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
library/ssl_tls.c
View file

@ -3146,11 +3146,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
/* /*
* Sanity checks * Sanity checks
*/ */
if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); /* In SSLv3, the client might send a NoCertificate alert. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
} }
if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&