The branch OpenSSL_1_1_1-stable has been updated via 4b1be3c8868cf0b26a031f68ffebc34248e1836c (commit) from 6682083fa51fb94b95afd68b2b57f7609d9e41e7 (commit)
- Log ----------------------------------------------------------------- commit 4b1be3c8868cf0b26a031f68ffebc34248e1836c Author: Dmitry Belyavskiy <beld...@gmail.com> Date: Sat May 1 13:29:05 2021 +0200 Use OCSP-specific error code for clarity Fixes #12735 for 1.1.1 Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15109) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 3 ++- ssl/ssl_err.c | 4 +++- ssl/statem/statem_clnt.c | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7e1776375d..e0e60ffa38 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2784,6 +2784,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback SSL_R_NULL_SSL_CTX:195:null ssl ctx SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 82983d3c1e..9060fd1b75 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -633,6 +633,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OCSP_CALLBACK_FAILURE 294 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 # define SSL_R_OVERFLOW_ERROR 237 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 4b12ed1485..d0c69821b5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1018,6 +1018,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index de58f1a4b7..5543e08c59 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2833,7 +2833,7 @@ int tls_process_initial_server_flight(SSL *s) if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, - ERR_R_MALLOC_FAILURE); + SSL_R_OCSP_CALLBACK_FAILURE); return 0; } }