Fix SSLv3 alert if no Client Ceritifcate sent after a request for one
In TLS if the server sends a CertificateRequest and the client does not
provide one, if the server cannot continue it should send a
HandshakeFailure alert. In SSLv3 the same should happen, but instead we
were sending an UnexpectedMessage alert. This is incorrect - the message
isn't unexpected - it is valid for the client not to send one - its just
that we cannot continue without one.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 2ab1f8e..864f76c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -175,7 +175,7 @@
} else {
ske_expected = key_exchange_expected(s);
if (ske_expected < 0)
- return 0;
+ goto err;
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
@@ -210,7 +210,7 @@
case TLS_ST_CR_CERT_STATUS:
ske_expected = key_exchange_expected(s);
if (ske_expected < 0)
- return 0;
+ goto err;
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
@@ -219,7 +219,7 @@
st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1;
}
- return 0;
+ goto err;
}
/* Fall through */
@@ -229,7 +229,7 @@
st->hand_state = TLS_ST_CR_CERT_REQ;
return 1;
}
- return 0;
+ goto err;
}
/* Fall through */
@@ -270,7 +270,10 @@
break;
}
+ err:
/* No valid transition found */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_UNEXPECTED_MESSAGE);
return 0;
}
