diff options
| author | Jacques Vidrine <nectar@FreeBSD.org> | 2002-07-30 12:44:15 +0000 |
|---|---|---|
| committer | Jacques Vidrine <nectar@FreeBSD.org> | 2002-07-30 12:44:15 +0000 |
| commit | c1803d783676ddc1f7655e0a58c00f35ec8c4f45 (patch) | |
| tree | a6133c35ab337984fbbd26293f8b1ad7a958132b /crypto/openssl/ssl/s3_both.c | |
| parent | a21b1b381ecca3813b44ac652d05a5133d3f4e2b (diff) | |
| download | src-c1803d783676ddc1f7655e0a58c00f35ec8c4f45.tar.gz src-c1803d783676ddc1f7655e0a58c00f35ec8c4f45.zip | |
Import of OpenSSL 0.9.6d.
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=100928
Diffstat (limited to 'crypto/openssl/ssl/s3_both.c')
| -rw-r--r-- | crypto/openssl/ssl/s3_both.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c index 3f09b8bc1756..beb562868de5 100644 --- a/crypto/openssl/ssl/s3_both.c +++ b/crypto/openssl/ssl/s3_both.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -528,6 +528,8 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_CERT_REJECTED: al=SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: @@ -549,11 +551,16 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: al=SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: al=SSL_AD_HANDSHAKE_FAILURE; break; + case X509_V_ERR_INVALID_PURPOSE: + al=SSL_AD_UNSUPPORTED_CERTIFICATE; + break; default: al=SSL_AD_CERTIFICATE_UNKNOWN; break; @@ -565,6 +572,7 @@ int ssl3_setup_buffers(SSL *s) { unsigned char *p; unsigned int extra; + size_t len; if (s->s3->rbuf.buf == NULL) { @@ -572,18 +580,21 @@ int ssl3_setup_buffers(SSL *s) extra=SSL3_RT_MAX_EXTRA; else extra=0; - if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) - == NULL) + len = SSL3_RT_MAX_PACKET_SIZE + extra; + if ((p=OPENSSL_malloc(len)) == NULL) goto err; - s->s3->rbuf.buf=p; + s->s3->rbuf.buf = p; + s->s3->rbuf_len = len; } if (s->s3->wbuf.buf == NULL) { - if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE)) - == NULL) + len = SSL3_RT_MAX_PACKET_SIZE; + len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ + if ((p=OPENSSL_malloc(len)) == NULL) goto err; - s->s3->wbuf.buf=p; + s->s3->wbuf.buf = p; + s->s3->wbuf_len = len; } s->packet= &(s->s3->rbuf.buf[0]); return(1); |