Ignore non-fatal TLS_ALERT_MSG.
authorNIIBE Yutaka <gniibe@fsij.org>
Mon, 16 Jan 2017 10:44:55 +0000 (19:44 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Mon, 16 Jan 2017 10:44:55 +0000 (19:44 +0900)
* src/protocol.c (_ntbtls_read_record): Skip to next message.

--

The bug is describe in MbedTLS:

https://tls.mbed.org/discussions/bug-report-issues/mishandling-of-non-fatal-alerts-client-side

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
src/protocol.c

index 8e0fca5..5e8361c 100644 (file)
@@ -1529,6 +1529,7 @@ _ntbtls_read_record (ntbtls_t tls)
 
   tls->in_hslen = 0;
 
+read_record_header:
   /*
    * Read the record header and validate it
    */
@@ -1718,6 +1719,9 @@ _ntbtls_read_record (ntbtls_t tls)
           debug_msg (2, "is a close notify message");
           return gpg_error (GPG_ERR_CLOSE_NOTIFY);
         }
+
+      tls->in_left = 0;
+      goto read_record_header;
     }
 
   tls->in_left = 0;