Try to be more consistent about the alerts we send We are quite inconsistent about which alerts get sent. Specifically, these alerts should be used (normally) in the following circumstances: SSL_AD_DECODE_ERROR = The peer sent a syntactically incorrect message SSL_AD_ILLEGAL_PARAMETER = The peer sent a message which was syntactically correct, but a parameter given is invalid for the context SSL_AD_HANDSHAKE_FAILURE = The peer's messages were syntactically and semantically correct, but the parameters provided were unacceptable to us (e.g. because we do not support the requested parameters) SSL_AD_INTERNAL_ERROR = We messed up (e.g. malloc failure) The standards themselves aren't always consistent but I think the above represents the best interpretation. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3480)

commit: fb34a0f4e033246ef5f957bc57d2ebc904a519fc [log] [tgz]
author: Matt Caswell <matt@openssl.org> Tue May 16 17:28:23 2017 +0100
committer: Matt Caswell <matt@openssl.org> Fri May 19 08:47:08 2017 +0100
tree: 1db7d3e04ad02459db6fb04dd264cf7936dc34e4
parent: d8028b202bfe337200a0cc89b80983ea1838cb30 [diff] [blame]
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 6f1c380..1ee8056 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c

@@ -775,7 +775,7 @@
         int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
                                                ext_type, out, outlen);
         if (retval == -1) {
-            *al = SSL_AD_DECODE_ERROR;
+            *al = SSL_AD_INTERNAL_ERROR;
             return -1;          /* Error */
         }
         if (retval == 0)
commit	fb34a0f4e033246ef5f957bc57d2ebc904a519fc	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Tue May 16 17:28:23 2017 +0100
committer	Matt Caswell <matt@openssl.org>	Fri May 19 08:47:08 2017 +0100
tree	1db7d3e04ad02459db6fb04dd264cf7936dc34e4
parent	d8028b202bfe337200a0cc89b80983ea1838cb30 [diff] [blame]