ssl_read() stops returning non-application data
diff --git a/ChangeLog b/ChangeLog
index ae061e8..f2e0862 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@
* Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST
are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito).
* Remove non-existent file from VS projects (found by Peter Vaskovic).
+ * ssl_read() could return non-application data records on server while
+ renegotation was pending, and on client when a HelloRequest was received.
Changes
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
@@ -18,6 +20,8 @@
ambiguous on how to encode some packets with SSL 3.0).
* Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if
RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger.
+ * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
+ POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
= PolarSSL 1.3.8 released 2014-07-11
Security
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ac82dfb..1d68d96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4357,9 +4357,10 @@
SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
return( ret );
}
-
- return( POLARSSL_ERR_NET_WANT_READ );
}
+
+ /* Tell the user to call ssl_read() again */
+ return( POLARSSL_ERR_NET_WANT_READ );
}
else if( ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
{
@@ -4373,7 +4374,15 @@
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
}
}
- else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+
+ /* Fatal and closure alerts handled by ssl_read_record() */
+ if( ssl->in_msgtype == SSL_MSG_ALERT )
+ {
+ SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+
+ if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
{
SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
