The branch master has been updated via c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd (commit) from 39da32729401110572da1782c80bef39c6f3f64b (commit)
- Log ----------------------------------------------------------------- commit c0f4400c4051cc26fbe385b6af9fc67e7c66dbdd Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Fri Apr 30 11:27:19 2021 +0200 Use OCSP-specific error code for clarity Fixes #12735 Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Shane Lontis <shane.lon...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/xxxxx) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 1 + ssl/ssl_err.c | 2 ++ ssl/statem/statem_clnt.c | 3 ++- 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 517ebc0a01..d3e29a5553 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1409,6 +1409,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:305:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 7fea8a87b7..30d843cf2d 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -203,6 +203,7 @@ # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 305 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 # define SSL_R_OVERFLOW_ERROR 237 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 357cfc7d94..347b263d69 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -312,6 +312,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 2178be95bd..dab4d1c4bc 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2699,7 +2699,8 @@ int tls_process_initial_server_flight(SSL *s) return 0; } if (ret < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } }