- Report unexpected_message if unknown record type is received
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 610448e..90de649 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -696,6 +696,19 @@
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
/**
+ * \brief Send an alert message
+ *
+ * \param ssl SSL context
+ * \param level The alert level of the message
+ * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
+ * \param message The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return 1 if successful, or a specific SSL error code.
+ */
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message );
+/**
* \brief Notify the peer that the connection is being closed
*
* \param ssl SSL context
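Review bot: The added `\return 1 if successful` line contradicts the definition added to library/ssl_tls.c in this same commit, which ends with `return( 0 );` and whose one caller here treats `!= 0` as failure. An application written from the header would read every successfully sent alert as an error, or a failed send as success. Suggest `\return 0 if successful, or a specific SSL error code.`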
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e697f4e..98a2187 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1359,6 +1359,22 @@
}
}
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
+ ssl->in_msgtype != SSL_MSG_ALERT &&
+ ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
+ ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+ {
+ SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+
+ if( ( ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
{
ssl->in_hslen = 4;
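Review bot: When ssl_send_alert_message() fails in the new unknown-record branch, `return( ret );` hands the caller the write error and POLARSSL_ERR_SSL_INVALID_RECORD is lost, so the application no longer sees why the record was rejected. If the write can return a retryable status on a non-blocking transport (not visible here), the caller may also re-enter the read path instead of tearing the connection down. Consider treating the alert as best-effort and always ending the branch with `return( POLARSSL_ERR_SSL_INVALID_RECORD );`, or add a comment stating why the send error takes precedence. The enclosing function starts and ends outside the hunk, so where this check sits relative to record decryption and MAC verification cannot be confirmed from here.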
@@ -1421,6 +1437,30 @@
return( 0 );
}
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
+
+ ssl->out_msgtype = SSL_MSG_ALERT;
+ ssl->out_msglen = 2;
+ ssl->out_msg[0] = level;
+ ssl->out_msg[1] = message;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+
+ return( 0 );
+}
+
/*
* Handshake functions
*/
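Review bot: ssl_send_alert_message() handles `SSL_ALERT_LEVEL_FATAL` exactly like a warning: it writes the two bytes and returns, so every caller must itself stop using the connection after a fatal alert. Because the function is exported through ssl.h, a short comment above the definition would make that contract explicit, e.g. `/* Sends the alert only; after SSL_ALERT_LEVEL_FATAL the caller must abandon the connection. */`. It also overwrites `ssl->out_msg` and `ssl->out_msglen` unconditionally, so it presumably must not be called while an outgoing record is still pending. That is worth stating or checking unless ssl_write_record() already guarantees it.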