Provide an error framework for use with the TLSv1.3 code.

This is based on the libtls error handling code, but adds machine readable codes and subcodes. We then map these codes back to libssl error codes. ok beck@ inoguchi@
author: jsing <> 2020-01-20 13:10:37 +0000
committer: jsing <> 2020-01-20 13:10:37 +0000
commit: b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55 (patch)
tree: cfa7f8e8231dba5be24e1ea4325ed5f91b57cb43 /src/lib/libssl/tls13_client.c
parent: 101a098151714705f06800dd03668b1d84167aa1 (diff)
download: openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.tar.gz
openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.tar.bz2
openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 6dcf8c85b6..07b9ede345 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.19 2019/11/17 06:30:12 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.20 2020/01/20 13:10:37 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -499,6 +499,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx)
        if (ssl_verify_cert_chain(s, certs) <= 0 &&
            s->verify_mode != SSL_VERIFY_NONE) {
                /* XXX send alert */
+                tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
+                    "failed to verify peer certificate", NULL);
                goto err;
        }
        ERR_clear_error();
author	jsing <>	2020-01-20 13:10:37 +0000
committer	jsing <>	2020-01-20 13:10:37 +0000
commit	b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55 (patch)
tree	cfa7f8e8231dba5be24e1ea4325ed5f91b57cb43 /src/lib/libssl/tls13_client.c
parent	101a098151714705f06800dd03668b1d84167aa1 (diff)
download	openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.tar.gz openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.tar.bz2 openbsd-b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55.zip