From 4da4912184d7585c1156f7bf674490329e917635 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 26 Jan 2017 07:20:57 +0000
Subject: Limit the number of sequential empty records that we will process
 before yielding, and fail if we exceed a maximum. loosely based on what
 boring and openssl are doing ok jsing@

---
 src/lib/libssl/ssl_err.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_err.c')

diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 04742b60ca..efe3e9473f 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.30 2017/01/26 07:20:57 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -597,6 +597,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
 	{ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
 	{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
+	{ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
 	{0, NULL}
 };
 
-- 
cgit v1.2.3-55-g6feb