Actually ignore most non-fatal alerts
fixes #308
diff --git a/ChangeLog b/ChangeLog
index 3ca9268..1c132ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 1.3.15 released 2015-10-xx
+
+Bugfix
+ * Fix bug causing some handshakes to fail due to some non-fatal alerts not
+ begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
+
= mbed TLS 1.3.14 released 2015-10-06
Security
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7fc9d99..44e5582 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2211,6 +2211,7 @@
/*
* Read the record header and validate it
*/
+read_record_header:
if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
@@ -2408,7 +2409,7 @@
ssl->in_msg[0], ssl->in_msg[1] ) );
/*
- * Ignore non-fatal alerts, except close_notify
+ * Ignore non-fatal alerts, except close_notify and no_renego
*/
if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL )
{
@@ -2423,6 +2424,29 @@
SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
}
+
+ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_NO_RENEGOTIATION )
+ {
+ SSL_DEBUG_MSG( 2, ( "is a no_renegotiation" ) );
+ /* Will be handled when trying to parse ServerHello */
+ ssl->in_left = 0;
+ return( 0 );
+ }
+
+ if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
+ ssl->endpoint == SSL_IS_SERVER &&
+ ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING &&
+ ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT )
+ {
+ SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+ /* Will be handled in ssl_parse_certificate() */
+ ssl->in_left = 0;
+ return( 0 );
+ }
+
+ /* Silently discard: fetch new message */
+ goto read_record_header;
}
ssl->in_left = 0;