diff options
author | Richard Levitte <levitte@openssl.org> | 2002-03-31 03:36:17 +0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-03-31 03:36:17 +0400 |
commit | c14688ec73d9c5fa7b85c55f947b301d26425973 (patch) | |
tree | a838210647d5f9fc17a4240c27b2250aa4905eed /ssl | |
parent | ff0a0c46a7ba5d48054aced40c121be6cb7f34f6 (diff) |
Merge in changes from 0.9.6-stable. This should definitely be done a
little more often.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_both.c | 7 | ||||
-rw-r--r-- | ssl/s3_lib.c | 15 | ||||
-rw-r--r-- | ssl/ssltest.c | 13 |
3 files changed, 26 insertions, 9 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 3f09b8bc17..49b159d290 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -528,6 +528,8 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_CERT_REJECTED: al=SSL_AD_BAD_CERTIFICATE; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: @@ -549,11 +551,16 @@ int ssl_verify_alarm_type(long type) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: al=SSL_AD_UNKNOWN_CA; break; case X509_V_ERR_APPLICATION_VERIFICATION: al=SSL_AD_HANDSHAKE_FAILURE; break; + case X509_V_ERR_INVALID_PURPOSE: + al=SSL_AD_UNSUPPORTED_CERTIFICATE; + break; default: al=SSL_AD_CERTIFICATE_UNKNOWN; break; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c32c06de32..597343232f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -170,7 +170,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, @@ -196,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -209,7 +209,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, @@ -518,7 +518,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA, SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, @@ -612,7 +612,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_MEDIUM, 0, 128, 128, @@ -693,6 +693,9 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u) int ssl3_pending(SSL *s) { + if (s->rstate == SSL_ST_READ_BODY) + return 0; + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 2ef8a50785..ebd3b527df 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -848,10 +848,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (num > 1) --num; /* test restartability even more thoroughly */ - r = BIO_nwrite(io1, &dataptr, (int)num); + r = BIO_nwrite0(io1, &dataptr); assert(r > 0); - assert(r <= (int)num); - num = r; + if (r < num) + num = r; r = BIO_read(io2, dataptr, (int)num); if (r != (int)num) /* can't happen */ { @@ -860,6 +860,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, goto err; } progress = 1; + r = BIO_nwrite(io1, &dataptr, (int)num); + if (r != (int)num) /* can't happen */ + { + fprintf(stderr, "ERROR: BIO_nwrite() did not accept " + "BIO_nwrite0() bytes"); + goto err; + } if (debug) printf((io2 == client_io) ? |