Commit 4041f9cd authored by Oleksii Beketov's avatar Oleksii Beketov

Bad hello on TLS closure

Prevent treating a reciprocal close_notify alert
as an error after TLS connection closure.

Change-Id: I22bc91a2f3c3e9bc13438588ca17b5944fcdc48f
Signed-off-by: default avatarOleksii Beketov <ol.beketov@samsung.com>
parent e8df8550
...@@ -1186,17 +1186,28 @@ static bool checkSslOperation(SslEndPoint_t* peer, ...@@ -1186,17 +1186,28 @@ static bool checkSslOperation(SslEndPoint_t* peer,
(MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != ret) && (MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY != ret) &&
(MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != ret)) (MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL != ret))
{ {
size_t bufSize = 1024; if (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO == ret)
char *bufMsg = (char*)OICCalloc(1, bufSize);
if (bufMsg)
{ {
mbedtls_strerror(ret, bufMsg, bufSize); unsigned char *buf = peer->ssl.in_hdr;
OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: 0x%X: %s", __func__, -ret, bufMsg); if (buf[0] == 0x15)
OICFree(bufMsg); {
OIC_LOG_V(INFO, NET_SSL_TAG, "encrypted alert message received");
}
} }
else else
{ {
OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret); size_t bufSize = 1024;
char *bufMsg = (char*)OICCalloc(1, bufSize);
if (bufMsg)
{
mbedtls_strerror(ret, bufMsg, bufSize);
OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: 0x%X: %s", __func__, -ret, bufMsg);
OICFree(bufMsg);
}
else
{
OIC_LOG_V(ERROR, NET_SSL_TAG, "%s: -0x%x", (str), -ret);
}
} }
// Make a copy of the endpoint, because the callback might // Make a copy of the endpoint, because the callback might
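Review bot: A `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO` whose record is not an alert now produces no log line at all, because the new outer `if` takes that return code away from the `else` branch holding the `mbedtls_strerror` logging, so genuinely malformed ClientHello messages disappear from the error log. Folding the two tests into one condition keeps the error path for everything else: `if ((MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO == ret) && (MBEDTLS_SSL_MSG_ALERT == peer->ssl.in_hdr[0]))`, with the existing logging left in the `else`. The content-type byte in the record header is supplied by the peer and is not authenticated, and any alert record matches, not only close_notify, so the INFO line should report what was observed (including `-ret`) rather than assume a benign closure. `in_hdr` is an internal field of `mbedtls_ssl_context`, so a comment such as `/* relies on mbedtls internal record-header pointer; re-check on library upgrade */` is worth adding. The enclosing block continues past the hunk, so whether the peer teardown that follows still runs for this case cannot be judged from here.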
......