Provide SSL_R_UNKNOWN.

This allows us to indicate that the cause of the failure is unknown, rather than implying that it was an internal error when it was not. ok beck@
author: jsing <> 2020-01-21 05:19:02 +0000
committer: jsing <> 2020-01-21 05:19:02 +0000
commit: 460496e02df69c7c7be18c9b45a095914ee59be4 (patch)
tree: db92f8cad8bd91994d19bc6916dbc4522fb4ef95 /src
parent: f9666f9db9296ab0643d410ce0eb3486772e422d (diff)
download: openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.tar.gz
openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.tar.bz2
openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.zip
3 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 521fb537de..8ac05ca70f 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.167 2020/01/02 06:37:13 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.168 2020/01/21 05:19:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2162,6 +2162,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_X509_LIB                                   268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
 #define SSL_R_PEER_BEHAVING_BADLY                        666
+#define SSL_R_UNKNOWN                                    999
 /*
 * OpenSSL compatible OPENSSL_INIT options
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 250a9eef6b..cbc2898234 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.36 2018/03/20 15:28:12 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.37 2020/01/21 05:19:02 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -462,7 +462,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
        {ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
        {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
-        {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
+        {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY), "peer is doing strange or hostile things"},
+        {ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"},
        {0, NULL}
 };
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index fbd7a9a83a..451e798cb8 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.15 2020/01/21 04:45:18 tb Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.16 2020/01/21 05:19:02 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -346,7 +346,7 @@ static void
 tls13_legacy_error(SSL *ssl)
 {
        struct tls13_ctx *ctx = ssl->internal->tls13;
-        int reason = ERR_R_INTERNAL_ERROR;
+        int reason = SSL_R_UNKNOWN;
        switch (ctx->error.code) {
        case TLS13_ERR_VERIFY_FAILED:
author	jsing <>	2020-01-21 05:19:02 +0000
committer	jsing <>	2020-01-21 05:19:02 +0000
commit	460496e02df69c7c7be18c9b45a095914ee59be4 (patch)
tree	db92f8cad8bd91994d19bc6916dbc4522fb4ef95 /src
parent	f9666f9db9296ab0643d410ce0eb3486772e422d (diff)
download	openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.tar.gz openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.tar.bz2 openbsd-460496e02df69c7c7be18c9b45a095914ee59be4.zip