kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
67cb49d045
boringssl/ssl
History
David Benjamin 8f1e113a73 Ensure verify error is set when X509_verify_cert() fails. 
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

(Imported from upstream's 5553a12735e11bc9aa28727afe721e7236788aab.)

Change-Id: I3231a6b2e72a3914cb9316b8e90ebaee009a1c5f
Reviewed-on: https://boringssl-review.googlesource.com/8170
Reviewed-by: David Benjamin <davidben@google.com>
2016-06-09 17:29:39 +00:00
..
pqueue
test Use the new setter for CurrentTimeCallback in bssl_shim. 2016-06-08 23:26:51 +00:00
CMakeLists.txt Rename s3_{clnt,srvr}.c 2016-06-08 19:25:31 +00:00
custom_extensions.c
d1_both.c Trim the DTLS write code slightly. 2016-06-08 19:33:20 +00:00
d1_lib.c Fold the DTLS client handshake into the TLS one. 2016-06-08 19:20:02 +00:00
d1_meth.c A bit of cleanup post state machine merging. 2016-06-08 19:24:32 +00:00
d1_pkt.c Trim the DTLS write code slightly. 2016-06-08 19:33:20 +00:00
d1_srtp.c Make kSRTPProfiles static. 2016-05-13 14:12:22 +00:00
dtls_record.c Make tls_open_record always in-place. 2016-06-08 18:39:07 +00:00
handshake_client.c Rename SERVER_DONE to SERVER_HELLO_DONE. 2016-06-08 19:26:59 +00:00
handshake_server.c Rename SERVER_DONE to SERVER_HELLO_DONE. 2016-06-08 19:26:59 +00:00
internal.h Trim the DTLS write code slightly. 2016-06-08 19:33:20 +00:00
s3_both.c Ensure verify error is set when X509_verify_cert() fails. 2016-06-09 17:29:39 +00:00
s3_enc.c Remove some easy obj.h dependencies. 2016-03-31 20:50:33 +00:00
s3_lib.c Move a bunch of public APIs from s3_lib.c to ssl_lib.c. 2016-06-08 19:27:44 +00:00
s3_meth.c A bit of cleanup post state machine merging. 2016-06-08 19:24:32 +00:00
s3_pkt.c Don't call read_bytes in read_change_cipher_spec. 2016-06-08 18:51:54 +00:00
ssl_aead_ctx.c Make tls_open_record always in-place. 2016-06-08 18:39:07 +00:00
ssl_asn1.c
ssl_buffer.c Push alert handling down into the record functions. 2016-06-08 18:35:58 +00:00
ssl_cert.c Ensure we check i2d_X509 return val 2016-04-26 17:12:01 +00:00
ssl_cipher.c Add SSL_CIPHER_is_DHE. 2016-06-03 17:57:05 +00:00
ssl_ecdh.c Generalizing curves to groups in preparation for TLS 1.3. 2016-05-20 17:43:11 +00:00
ssl_file.c Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. 2016-04-27 18:40:25 +00:00
ssl_lib.c Adding function to set the "current time" callback used for DTLS. 2016-06-08 22:29:25 +00:00
ssl_rsa.c
ssl_session.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
ssl_stat.c Remove state parameters to ssl3_get_message. 2016-05-18 20:51:48 +00:00
ssl_test.cc Add a unit test for one-sided shutdown. 2016-06-02 19:24:05 +00:00
t1_enc.c Remove some easy obj.h dependencies. 2016-03-31 20:50:33 +00:00
t1_lib.c Generalizing curves to groups in preparation for TLS 1.3. 2016-05-20 17:43:11 +00:00
tls_record.c Make tls_open_record always in-place. 2016-06-08 18:39:07 +00:00