Add Error state

Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a89db885e0)

Conflicts:
	ssl/s3_srvr.c
	ssl/ssl_stat.c
This commit is contained in:
Matt Caswell 2015-04-23 20:01:33 +01:00
parent 4b771121f2
commit 189e20c68c
3 changed files with 11 additions and 1 deletions

View file

@ -857,6 +857,7 @@ int ssl3_accept(SSL *s)
goto end;
/* break; */
case SSL_ST_ERR:
default:
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
ret = -1;
@ -1489,8 +1490,10 @@ int ssl3_get_client_hello(SSL *s)
if (0) {
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
s->state = SSL_ST_ERR;
}
if (ciphers != NULL)
sk_SSL_CIPHER_free(ciphers);
return (ret);

View file

@ -1544,6 +1544,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
# define SSL_ST_ERR 0x05
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02

View file

@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s)
case SSL_ST_OK | SSL_ST_ACCEPT:
str = "ok/accept SSL initialization";
break;
case SSL_ST_ERR:
str = "error";
break;
#ifndef OPENSSL_NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION:
str = "SSLv2 client start encryption";
@ -496,6 +499,9 @@ const char *SSL_state_string(const SSL *s)
case SSL_ST_OK:
str = "SSLOK ";
break;
case SSL_ST_ERR:
str = "SSLERR";
break;
#ifndef OPENSSL_NO_SSL2
case SSL2_ST_CLIENT_START_ENCRYPTION:
str = "2CSENC";