/*
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#include "gnutls_int.h"
#include "errors.h"
#include <record.h>
#include <debug.h>
#include "str.h"
/* One row of the alert lookup table used by the name/description lookups. */
typedef struct {
	/* Alert number; the key the lookup functions compare against. */
	gnutls_alert_description_t alert;
	/* Identifier of the alert constant as text (ALERT_ENTRY builds it with #x). */
	const char *name;
	/* Human-readable description; gnutls_alert_get_name() returns it via _(). */
	const char *desc;
} gnutls_alert_entry;
/* Builds one gnutls_alert_entry initializer: x is the alert constant, which is
 * also stringified with #x to give the entry's name, and y is the description
 * string.  Fields are named explicitly so the initializer does not depend on
 * the member order of the struct. */
#define ALERT_ENTRY(x,y) \
	{ .alert = x, .name = #x, .desc = y }
/* Alerts this file can name and describe.
 *
 * The table ends with a {0, NULL, NULL} sentinel.  The lookup functions in
 * this file stop on the NULL name/desc pointer, not on the alert field, so
 * the sentinel's alert value of 0 is never compared against a request.
 *
 * Descriptions are wrapped in N_() here and passed through _() when they are
 * looked up (presumably gettext marking and translation -- confirm against
 * the project's i18n headers).
 */
static const gnutls_alert_entry sup_alerts[] = {
	ALERT_ENTRY(GNUTLS_A_CLOSE_NOTIFY,
		    N_("Close notify")),
	ALERT_ENTRY(GNUTLS_A_UNEXPECTED_MESSAGE,
		    N_("Unexpected message")),
	ALERT_ENTRY(GNUTLS_A_BAD_RECORD_MAC,
		    N_("Bad record MAC")),
	ALERT_ENTRY(GNUTLS_A_DECRYPTION_FAILED,
		    N_("Decryption failed")),
	ALERT_ENTRY(GNUTLS_A_RECORD_OVERFLOW,
		    N_("Record overflow")),
	ALERT_ENTRY(GNUTLS_A_DECOMPRESSION_FAILURE,
		    N_("Decompression failed")),
	ALERT_ENTRY(GNUTLS_A_HANDSHAKE_FAILURE,
		    N_("Handshake failed")),
	ALERT_ENTRY(GNUTLS_A_BAD_CERTIFICATE,
		    N_("Certificate is bad")),
	ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_CERTIFICATE,
		    N_("Certificate is not supported")),
	ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REVOKED,
		    N_("Certificate was revoked")),
	ALERT_ENTRY(GNUTLS_A_CERTIFICATE_EXPIRED,
		    N_("Certificate is expired")),
	ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNKNOWN,
		    N_("Unknown certificate")),
	ALERT_ENTRY(GNUTLS_A_ILLEGAL_PARAMETER,
		    N_("Illegal parameter")),
	ALERT_ENTRY(GNUTLS_A_UNKNOWN_CA,
		    N_("CA is unknown")),
	ALERT_ENTRY(GNUTLS_A_ACCESS_DENIED,
		    N_("Access was denied")),
	ALERT_ENTRY(GNUTLS_A_DECODE_ERROR,
		    N_("Decode error")),
	ALERT_ENTRY(GNUTLS_A_DECRYPT_ERROR,
		    N_("Decrypt error")),
	ALERT_ENTRY(GNUTLS_A_EXPORT_RESTRICTION,
		    N_("Export restriction")),
	ALERT_ENTRY(GNUTLS_A_PROTOCOL_VERSION,
		    N_("Error in protocol version")),
	ALERT_ENTRY(GNUTLS_A_INSUFFICIENT_SECURITY,
		    N_("Insufficient security")),
	ALERT_ENTRY(GNUTLS_A_USER_CANCELED,
		    N_("User canceled")),
	ALERT_ENTRY(GNUTLS_A_SSL3_NO_CERTIFICATE,
		    N_("No certificate (SSL 3.0)")),
	ALERT_ENTRY(GNUTLS_A_INTERNAL_ERROR,
		    N_("Internal error")),
	ALERT_ENTRY(GNUTLS_A_INAPPROPRIATE_FALLBACK,
		    N_("Inappropriate fallback")),
	ALERT_ENTRY(GNUTLS_A_NO_RENEGOTIATION,
		    N_("No renegotiation is allowed")),
	ALERT_ENTRY(GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
		    N_("Could not retrieve the specified certificate")),
	ALERT_ENTRY(GNUTLS_A_UNSUPPORTED_EXTENSION,
		    N_("An unsupported extension was sent")),
	ALERT_ENTRY(GNUTLS_A_UNRECOGNIZED_NAME,
		    N_("The server name sent was not recognized")),
	ALERT_ENTRY(GNUTLS_A_UNKNOWN_PSK_IDENTITY,
		    N_("The SRP/PSK username is missing or not known")),
	ALERT_ENTRY(GNUTLS_A_MISSING_EXTENSION,
		    N_("An extension was expected but was not seen")),
	ALERT_ENTRY(GNUTLS_A_NO_APPLICATION_PROTOCOL,
		    N_("No supported application protocol could be negotiated")),
	ALERT_ENTRY(GNUTLS_A_CERTIFICATE_REQUIRED,
		    N_("Certificate is required")),
	/* sentinel: NULL name/desc ends every table walk */
	{0, NULL, NULL}
};
/**
 * gnutls_alert_get_name:
 * @alert: is an alert number.
 *
 * This function will return a string that describes the given alert
 * number, or %NULL. See gnutls_alert_get().
 *
 * The alert number usually originates from the peer, so it may not be
 * one of the alerts known to this library; callers must check for
 * %NULL before using the result (e.g., before passing it to a "%s"
 * format).
 *
 * Returns: string corresponding to #gnutls_alert_description_t value,
 *   or %NULL when @alert has no entry in the table of known alerts.
 **/
const char *gnutls_alert_get_name(gnutls_alert_description_t alert)
{
	const gnutls_alert_entry *entry = sup_alerts;

	/* Walk the table until the sentinel, whose desc is NULL. */
	while (entry->desc != NULL) {
		if (entry->alert == alert) {
			/* The description goes through _() before it is
			 * returned, so the text may vary with the locale;
			 * it is meant for display, not for parsing. */
			return _(entry->desc);
		}
		entry++;
	}

	return NULL;
}
/**
 * gnutls_alert_get_strname:
 * @alert: is an alert number.
 *
 * This function will return a string of the name of the alert, i.e.
 * the identifier of the corresponding #gnutls_alert_description_t
 * constant. Unlike gnutls_alert_get_name() the string is returned
 * as stored, without being passed through the translation call.
 *
 * Returns: string corresponding to #gnutls_alert_description_t value,
 *   or %NULL when @alert has no entry in the table of known alerts.
 *
 * Since: 3.0
 **/
const char *gnutls_alert_get_strname(gnutls_alert_description_t alert)
{
	const gnutls_alert_entry *entry = sup_alerts;

	/* Walk the table until the sentinel, whose name is NULL. */
	while (entry->name != NULL) {
		if (entry->alert == alert) {
			return entry->name;
		}
		entry++;
	}

	return NULL;
}
/**
 * gnutls_alert_send:
 * @session: is a #gnutls_session_t type.
 * @level: is the level of the alert
 * @desc: is the alert description
 *
 * This function will send an alert to the peer in order to inform
 * it of something important (e.g., its certificate could not be
 * verified). If the alert level is Fatal then the peer is expected to
 * close the connection, otherwise it may ignore the alert and continue.
 *
 * Both @level and @desc are narrowed to a single byte each before
 * being sent.
 *
 * The error code of the underlying record send function will be
 * returned, so you may also receive %GNUTLS_E_INTERRUPTED or
 * %GNUTLS_E_AGAIN as well.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
 *   an error code is returned.
 **/
int
gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
		  gnutls_alert_description_t desc)
{
	/* Alert payload as handed to the record layer: level, then description. */
	uint8_t alert_msg[2] = { (uint8_t) level, (uint8_t) desc };
	const char *label;
	int rc;

	/* Look up the text for the byte that is actually sent, so the log
	 * line matches the payload even if desc did not fit in one byte. */
	label = gnutls_alert_get_name((gnutls_alert_description_t) alert_msg[1]);
	if (label == NULL) {
		/* no table entry: never hand NULL to the %s below */
		label = "(unknown)";
	}

	_gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", alert_msg[0],
			   alert_msg[1], label);

	rc = _gnutls_send_int(session, GNUTLS_ALERT, -1,
			      EPOCH_WRITE_CURRENT, alert_msg, 2,
			      MBUFFER_FLUSH);
	if (rc < 0) {
		return rc;
	}

	/* any non-negative result from the send is reported as plain success */
	return 0;
}
/**
 * gnutls_error_to_alert:
 * @err: is a negative integer
 * @level: the alert level will be stored there; may be %NULL, in which
 *   case the level is not reported
 *
 * Get an alert depending on the error code returned by a gnutls
 * function. All alerts returned by this function should be considered
 * fatal. The only exceptions are when @err is %GNUTLS_E_REHANDSHAKE or
 * %GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, where a warning alert should
 * be sent to the peer indicating that no renegotiation will be
 * performed.
 *
 * If there is no mapping to a valid alert the alert to indicate
 * internal error (%GNUTLS_A_INTERNAL_ERROR) is returned.
 *
 * Returns: the alert code to use for a particular error code.
 **/
int gnutls_error_to_alert(int err, int *level)
{
	int alert;
	/* Every mapping is fatal unless a case below lowers it. */
	int severity = GNUTLS_AL_FATAL;

	switch (err) {	/* pick the appropriate alert */
	case GNUTLS_E_PK_SIG_VERIFY_FAILED:
	case GNUTLS_E_ERROR_IN_FINISHED_PACKET:
		alert = GNUTLS_A_DECRYPT_ERROR;
		break;

	case GNUTLS_E_DECRYPTION_FAILED:
		/* GNUTLS_A_DECRYPTION_FAILED is not sent, because
		 * it is not defined in SSL3. Note that we must
		 * not distinguish decryption failures from MAC
		 * check failures: a peer able to tell the two apart
		 * from the alert would learn which check rejected its
		 * record, which is the signal that oracle-style
		 * attacks on record decryption rely on. Keep both
		 * on the same alert.
		 */
		alert = GNUTLS_A_BAD_RECORD_MAC;
		break;

	case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
	case GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH:
	case GNUTLS_E_NO_CERTIFICATE_FOUND:
	case GNUTLS_E_HANDSHAKE_TOO_LARGE:
		alert = GNUTLS_A_DECODE_ERROR;
		break;

	case GNUTLS_E_DECOMPRESSION_FAILED:
		alert = GNUTLS_A_DECOMPRESSION_FAILURE;
		break;

	case GNUTLS_E_ILLEGAL_PARAMETER:
	case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
	case GNUTLS_E_ILLEGAL_SRP_USERNAME:
	case GNUTLS_E_PK_INVALID_PUBKEY:
	case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
	case GNUTLS_E_RECEIVED_DISALLOWED_NAME:
	case GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY:
		alert = GNUTLS_A_ILLEGAL_PARAMETER;
		break;

	case GNUTLS_E_UNKNOWN_SRP_USERNAME:
		alert = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
		break;

	case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
	case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
	case GNUTLS_E_ASN1_DER_ERROR:
	case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
	case GNUTLS_E_ASN1_GENERIC_ERROR:
	case GNUTLS_E_ASN1_VALUE_NOT_VALID:
	case GNUTLS_E_ASN1_TAG_ERROR:
	case GNUTLS_E_ASN1_TAG_IMPLICIT:
	case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
	case GNUTLS_E_ASN1_SYNTAX_ERROR:
	case GNUTLS_E_ASN1_DER_OVERFLOW:
	case GNUTLS_E_CERTIFICATE_ERROR:
	case GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR:
		alert = GNUTLS_A_BAD_CERTIFICATE;
		break;

	case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
	case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
	case GNUTLS_E_NO_CIPHER_SUITES:
	case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
	case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
	case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
	case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
	case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
	case GNUTLS_E_UNWANTED_ALGORITHM:
	case GNUTLS_E_NO_COMMON_KEY_SHARE:
	case GNUTLS_E_ECC_NO_SUPPORTED_CURVES:
	case GNUTLS_E_ECC_UNSUPPORTED_CURVE:
		alert = GNUTLS_A_HANDSHAKE_FAILURE;
		break;

	case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
		alert = GNUTLS_A_UNSUPPORTED_EXTENSION;
		break;

	case GNUTLS_E_MISSING_EXTENSION:
		alert = GNUTLS_A_MISSING_EXTENSION;
		break;

	case GNUTLS_E_USER_ERROR:
		alert = GNUTLS_A_USER_CANCELED;
		break;

	case GNUTLS_E_UNEXPECTED_PACKET:
	case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
	case GNUTLS_E_PREMATURE_TERMINATION:
		alert = GNUTLS_A_UNEXPECTED_MESSAGE;
		break;

	case GNUTLS_E_REHANDSHAKE:
	case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
		/* the only mapping that is a warning rather than fatal */
		alert = GNUTLS_A_NO_RENEGOTIATION;
		severity = GNUTLS_AL_WARNING;
		break;

	case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
		alert = GNUTLS_A_PROTOCOL_VERSION;
		break;

	case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
		alert = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
		break;

	case GNUTLS_E_RECORD_OVERFLOW:
		alert = GNUTLS_A_RECORD_OVERFLOW;
		break;

	case GNUTLS_E_INTERNAL_ERROR:
	case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
	case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
		alert = GNUTLS_A_INTERNAL_ERROR;
		break;

	case GNUTLS_E_INAPPROPRIATE_FALLBACK:
		alert = GNUTLS_A_INAPPROPRIATE_FALLBACK;
		break;

	case GNUTLS_E_OPENPGP_GETKEY_FAILED:
		alert = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
		break;

	case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
	case GNUTLS_E_SESSION_USER_ID_CHANGED:
	case GNUTLS_E_INSUFFICIENT_SECURITY:
		alert = GNUTLS_A_INSUFFICIENT_SECURITY;
		break;

	case GNUTLS_E_NO_APPLICATION_PROTOCOL:
		alert = GNUTLS_A_NO_APPLICATION_PROTOCOL;
		break;

	case GNUTLS_E_UNRECOGNIZED_NAME:
		alert = GNUTLS_A_UNRECOGNIZED_NAME;
		break;

	case GNUTLS_E_CERTIFICATE_REQUIRED:
		alert = GNUTLS_A_CERTIFICATE_REQUIRED;
		break;

	default:
		/* No specific mapping: report a generic internal error
		 * instead of exposing the local error code to the peer. */
		alert = GNUTLS_A_INTERNAL_ERROR;
		break;
	}

	if (level != NULL) {
		*level = severity;
	}

	return alert;
}
/**
 * gnutls_alert_send_appropriate:
 * @session: is a #gnutls_session_t type.
 * @err: is an error code returned by another GnuTLS function
 *
 * Sends an alert to the peer depending on the error code returned by
 * a gnutls function. This function will call gnutls_error_to_alert()
 * to determine the appropriate alert to send.
 *
 * This function may also return %GNUTLS_E_AGAIN, or
 * %GNUTLS_E_INTERRUPTED.
 *
 * This function historically was always sending an alert to the
 * peer, even if @err was inappropriate to respond with an alert
 * (e.g., %GNUTLS_E_SUCCESS). Since 3.6.6 this function returns
 * success without transmitting any data on error codes that
 * should not result in an alert.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
 *   an error code is returned.
 **/
int gnutls_alert_send_appropriate(gnutls_session_t session, int err)
{
	int alert_code;
	int alert_level;

	/* %GNUTLS_E_REHANDSHAKE always gets an alert.  For any other code,
	 * nothing is sent when the error is not fatal, or when it is
	 * %GNUTLS_E_FATAL_ALERT_RECEIVED (i.e., the error being reported is
	 * itself an alert that came from the peer). */
	if (err != GNUTLS_E_REHANDSHAKE) {
		if (!gnutls_error_is_fatal(err) ||
		    err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
			return gnutls_assert_val(0);
		}
	}

	/* alert_level is always written: a non-NULL pointer is passed */
	alert_code = gnutls_error_to_alert(err, &alert_level);

	return gnutls_alert_send(session, (gnutls_alert_level_t)alert_level,
				 alert_code);
}
/**
 * gnutls_alert_get:
 * @session: is a #gnutls_session_t type.
 *
 * This function will return the last alert number received. This
 * function should be called when %GNUTLS_E_WARNING_ALERT_RECEIVED or
 * %GNUTLS_E_FATAL_ALERT_RECEIVED errors are returned by a gnutls
 * function. The peer may send alerts if it encounters an error.
 * If no alert has been received the returned value is undefined.
 *
 * The value is whatever was stored for the session as the last alert
 * and is returned without being checked against the known alerts, so
 * gnutls_alert_get_name() may return %NULL for it.
 *
 * Returns: the last alert received, a
 *   #gnutls_alert_description_t value.
 **/
gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session)
{
	gnutls_alert_description_t last_received;

	/* stored value is converted to the public enum type, nothing more */
	last_received =
	    (gnutls_alert_description_t)session->internals.last_alert;

	return last_received;
}