[apple/security.git] / SecureTransport / sslAlertMessage.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*  *********************************************************************
    File: sslAlertMessage.cpp - SSL3 Alert protocol
    ****************************************************************** */

#include "ssl.h"
#include "sslAlertMessage.h"
#include "sslMemory.h"
#include "sslContext.h"
#include "sslSession.h"
#include "sslDebug.h"
#include "sslUtils.h"

#include <assert.h>

#ifdef	NDEBUG
#define SSLLogAlertMsg(msg,sent)
#else
static void SSLLogAlertMsg(AlertDescription msg, bool sent);
#endif

static OSStatus SSLEncodeAlert(
	SSLRecord &rec, 
	AlertLevel level, 
	AlertDescription desc, 
	SSLContext *ctx);

/*
 * If a peer sends us any kind of a bad cert alert, we may need to adjust
 * ctx->clientCertState accordingly.
 */
static void 
SSLDetectCertRejected(
	SSLContext 			*ctx,
	AlertDescription	desc)
{
	if(ctx->protocolSide == SSL_ServerSide) {
		return;
	}
	if(ctx->clientCertState != kSSLClientCertSent) {
		return;
	}
	switch(desc) {
		case SSL_AlertBadCert:
		case SSL_AlertUnsupportedCert:
		case SSL_AlertCertRevoked:
		case SSL_AlertCertExpired:
		case SSL_AlertCertUnknown:
		case SSL_AlertUnknownCA:
			ctx->clientCertState = kSSLClientCertRejected;
			break;
		default:
			break;
	}
}

OSStatus
SSLProcessAlert(SSLRecord rec, SSLContext *ctx)
{   OSStatus            err = noErr;
    AlertLevel          level;
    AlertDescription    desc;
    uint8               *charPtr;
    uint32              remaining;
    
    if (rec.contents.length % 2 != 0)
    {   
		err = SSLFatalSessionAlert(SSL_AlertIllegalParam, ctx);
        if (!err) {
            err = errSSLProtocol;
		}
        return err;
    }
    
    charPtr = rec.contents.data;
    remaining = rec.contents.length;
	bool fatal = false;
	
    while (remaining > 0)
    {   level = (AlertLevel)*charPtr++;
        desc = (AlertDescription)*charPtr++;
		sslHdskMsgDebug("alert msg recieved level %d   desc %d",
			(int)level, (int)desc);
        remaining -= 2;
        SSLLogAlertMsg(desc, false);
		
        if (level == SSL_AlertLevelFatal) {
			/* explicit fatal errror */
			fatal = true;
            sslHdskMsgDebug("***Fatal alert %d received\n", desc);
        }
        SSLDetectCertRejected(ctx, desc);
		
        switch (desc) {
			/* A number of these are fatal by implication */
            case SSL_AlertUnexpectedMsg:
				err = errSSLPeerUnexpectedMsg;
				fatal = true;
				break;
            case SSL_AlertBadRecordMac:
 				err = errSSLPeerBadRecordMac;
				fatal = true;
				break;
			case SSL_AlertDecryptionFail:
 				err = errSSLPeerDecryptionFail;
				fatal = true;
				break;
            case SSL_AlertRecordOverflow:
 				err = errSSLPeerRecordOverflow;
				fatal = true;
				break;
            case SSL_AlertDecompressFail:
 				err = errSSLPeerDecompressFail;
				fatal = true;
				break;
            case SSL_AlertHandshakeFail:
 				err = errSSLPeerHandshakeFail;
				fatal = true;
				break;
            case SSL_AlertIllegalParam:
 				err = errSSLIllegalParam;
				fatal = true;
				break;
            case SSL_AlertBadCert:
				err = errSSLPeerBadCert;
				break;
            case SSL_AlertUnsupportedCert:
				err = errSSLPeerUnsupportedCert;
				break;
            case SSL_AlertCertRevoked:
				err = errSSLPeerCertRevoked;
				break;
            case SSL_AlertCertExpired:
				err = errSSLPeerCertExpired;
				break;
            case SSL_AlertCertUnknown:
                err = errSSLPeerCertUnknown;
                break;
            case SSL_AlertUnknownCA:
                err = errSSLPeerUnknownCA;
                break;
            case SSL_AlertAccessDenied:
                err = errSSLPeerAccessDenied;
                break;
            case SSL_AlertDecodeError:
                err = errSSLPeerDecodeError;
                break;
            case SSL_AlertDecryptError:
                err = errSSLPeerDecryptError;
                break;
            case SSL_AlertExportRestriction:
                err = errSSLPeerExportRestriction;
                break;
            case SSL_AlertProtocolVersion:
                err = errSSLPeerProtocolVersion;
                break;
            case SSL_AlertInsufficientSecurity:
                err = errSSLPeerInsufficientSecurity;
                break;
            case SSL_AlertInternalError:
                err = errSSLPeerInternalError;
                break;
            case SSL_AlertUserCancelled:
                err = errSSLPeerUserCancelled;
                break;
            case SSL_AlertNoRenegotiation:
                err = errSSLPeerNoRenegotiation;
                break;
			/* unusual cases.... */
            case SSL_AlertCloseNotify:
				/* the clean "we're done" case */
                SSLClose(ctx);
                err = noErr;
                break;
            case SSL_AlertNoCert:
                if((ctx->state == SSL_HdskStateClientCert) &&
				   (ctx->protocolSide == SSL_ServerSide) &&
				   (ctx->clientAuth != kAlwaysAuthenticate)) {
					/*
					 * Tolerate this unless we're configured to  
					 * *require* a client cert. If a client cert is
					 * required, we'll catch the error at the next 
					 * handshake msg we receive - which will probably
					 * be a client key exchange msg, which is illegal
					 * when we're in state SSL_HdskStateClientCert.
					 * If the client cert is optional, advance to 
					 * state ClientKeyExchange by pretending we
					 * just got a client cert msg. 
					 */
                    if ((err = SSLAdvanceHandshake(SSL_HdskCert, 
							ctx)) != 0) {
                        return err;
					}
				}
                break;
            default:
                /* Unknown alert, ignore if not fatal */
				if(level == SSL_AlertLevelFatal) {
					err = errSSLFatalAlert;
				}
				else {
					err = noErr;
				}
                break;
        }
		if(fatal) {
			/* don't bother processing any more */
			break;
		}
    }
    if(fatal) {
       	SSLDeleteSessionData(ctx);
	}
    return err;
}

OSStatus
SSLSendAlert(AlertLevel level, AlertDescription desc, SSLContext *ctx)
{   SSLRecord       rec;
    OSStatus        err;
    
	switch(ctx->negProtocolVersion) {
		case SSL_Version_Undetermined:
			/* Too early in negotiation to send an alert */
			return noErr;
		case SSL_Version_2_0:
			/* shouldn't be here */
			assert(0);
			return errSSLInternal;
		default:
			break;
	}
	if(ctx->sentFatalAlert) {
		/* no more alerts allowed */
		return noErr;
	}
    if ((err = SSLEncodeAlert(rec, level, desc, ctx)) != 0)
        return err;
	assert(ctx->sslTslCalls != NULL);
	SSLLogAlertMsg(desc, true);
    if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
        return err;
    if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0)
        return err;
    if(desc == SSL_AlertCloseNotify) {
		/* no more alerts allowed */
		ctx->sentFatalAlert = true;
	}
    return noErr;
}

static OSStatus
SSLEncodeAlert(SSLRecord &rec, AlertLevel level, AlertDescription desc, SSLContext *ctx)
{   OSStatus          err;
    
	rec.protocolVersion = ctx->negProtocolVersion;
	rec.contentType = SSL_RecordTypeAlert;
    rec.contents.length = 2;
    if ((err = SSLAllocBuffer(rec.contents, 2, ctx)) != 0)
        return err;
    rec.contents.data[0] = level;
    rec.contents.data[1] = desc;
    
    return noErr;
}

OSStatus
SSLFatalSessionAlert(AlertDescription desc, SSLContext *ctx)
{   OSStatus          err1, err2;
    
    if(desc != SSL_AlertCloseNotify) {
    	sslHdskMsgDebug("SSLFatalSessionAlert: desc %d\n", desc);
    }
    SSLChangeHdskState(ctx, SSL_HdskStateErrorClose);
    
	if(ctx->negProtocolVersion < TLS_Version_1_0) {
		/* translate to SSL3 if necessary */
		switch(desc) {
			case SSL_AlertDecryptionFail:
			case SSL_AlertRecordOverflow:
			case SSL_AlertAccessDenied:
			case SSL_AlertDecodeError:
			case SSL_AlertDecryptError:
			case SSL_AlertExportRestriction:
			case SSL_AlertProtocolVersion:
			case SSL_AlertInsufficientSecurity:
			case SSL_AlertUserCancelled:
			case SSL_AlertNoRenegotiation:
				desc = SSL_AlertHandshakeFail;
				break;
			case SSL_AlertUnknownCA:
				desc = SSL_AlertUnsupportedCert;
				break;
			case SSL_AlertInternalError:
				desc = SSL_AlertCloseNotify;
				break;
			default:
				/* send as is */
				break;
		}
	}
    /* Make session unresumable; I'm not stopping if I get an error,
        because I'd like to attempt to send the alert anyway */
    err1 = SSLDeleteSessionData(ctx);
    
    /* Second, send the alert */
    err2 = SSLSendAlert(SSL_AlertLevelFatal, desc, ctx);
    
	ctx->sentFatalAlert = true;
	
    /* If they both returned errors, arbitrarily return the first */
    return err1 != 0 ? err1 : err2;
}

#ifndef	NDEBUG

/* log alert messages */

static char *alertMsgToStr(AlertDescription msg)
{
	static char badStr[100];
	
	switch(msg) {
		case SSL_AlertCloseNotify:
			return "SSL_AlertCloseNotify";	
		case SSL_AlertUnexpectedMsg:
			return "SSL_AlertUnexpectedMsg";	
		case SSL_AlertBadRecordMac:
			return "SSL_AlertBadRecordMac";	
		case SSL_AlertDecryptionFail:
			return "SSL_AlertDecryptionFail";	
		case SSL_AlertRecordOverflow:
			return "SSL_AlertRecordOverflow";	
		case SSL_AlertDecompressFail:
			return "SSL_AlertDecompressFail";	
		case SSL_AlertHandshakeFail:
			return "SSL_AlertHandshakeFail";	
		case SSL_AlertNoCert:
			return "SSL_AlertNoCert";	
		case SSL_AlertBadCert:
			return "SSL_AlertBadCert";	
		case SSL_AlertUnsupportedCert:
			return "SSL_AlertUnsupportedCert";	
		case SSL_AlertCertRevoked:
			return "SSL_AlertCertRevoked";	
			
		case SSL_AlertCertExpired:
			return "SSL_AlertCertExpired";	
		case SSL_AlertCertUnknown:
			return "SSL_AlertCertUnknown";	
		case SSL_AlertIllegalParam:
			return "SSL_AlertIllegalParam";	
		case SSL_AlertUnknownCA:
			return "SSL_AlertUnknownCA";	
		case SSL_AlertAccessDenied:
			return "SSL_AlertAccessDenied";	
		case SSL_AlertDecodeError:
			return "SSL_AlertDecodeError";	
		case SSL_AlertDecryptError:
			return "SSL_AlertDecryptError";	

		case SSL_AlertExportRestriction:
			return "SSL_AlertExportRestriction";	
		case SSL_AlertProtocolVersion:
			return "SSL_AlertProtocolVersion";	
		case SSL_AlertInsufficientSecurity:
			return "SSL_AlertInsufficientSecurity";	
		case SSL_AlertInternalError:
			return "SSL_AlertInternalError";	
		case SSL_AlertUserCancelled:
			return "SSL_AlertUserCancelled";	
		case SSL_AlertNoRenegotiation:
			return "SSL_AlertNoRenegotiation";	

		default:
			sprintf(badStr, "Unknown state (%d(d)", msg);
			return badStr;
	}
}

static void SSLLogAlertMsg(AlertDescription msg, bool sent)
{
	sslHdskMsgDebug("---%s alert msg %s", 
		alertMsgToStr(msg), (sent ? "sent" : "recv"));
}

#endif	/* NDEBUG */
Commit	Line	Data
5a719ac8 A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/* *********************************************************************
	20	File: sslAlertMessage.cpp - SSL3 Alert protocol
	21	****************************************************************** */
	22
	23	#include "ssl.h"
	24	#include "sslAlertMessage.h"
	25	#include "sslMemory.h"
	26	#include "sslContext.h"
	27	#include "sslSession.h"
	28	#include "sslDebug.h"
df0e469f	29	#include "sslUtils.h"
5a719ac8 A	30
	31	#include <assert.h>
	32
	33	#ifdef NDEBUG
	34	#define SSLLogAlertMsg(msg,sent)
	35	#else
	36	static void SSLLogAlertMsg(AlertDescription msg, bool sent);
	37	#endif
	38
df0e469f A	39	static OSStatus SSLEncodeAlert(
	40	SSLRecord &rec,
	41	AlertLevel level,
	42	AlertDescription desc,
	43	SSLContext *ctx);
	44
	45	/*
	46	* If a peer sends us any kind of a bad cert alert, we may need to adjust
	47	* ctx->clientCertState accordingly.
	48	*/
	49	static void
	50	SSLDetectCertRejected(
	51	SSLContext *ctx,
	52	AlertDescription desc)
	53	{
	54	if(ctx->protocolSide == SSL_ServerSide) {
	55	return;
	56	}
	57	if(ctx->clientCertState != kSSLClientCertSent) {
	58	return;
	59	}
	60	switch(desc) {
	61	case SSL_AlertBadCert:
	62	case SSL_AlertUnsupportedCert:
	63	case SSL_AlertCertRevoked:
	64	case SSL_AlertCertExpired:
	65	case SSL_AlertCertUnknown:
	66	case SSL_AlertUnknownCA:
	67	ctx->clientCertState = kSSLClientCertRejected;
	68	break;
	69	default:
	70	break;
	71	}
	72	}
	73
5a719ac8 A	74	OSStatus
	75	SSLProcessAlert(SSLRecord rec, SSLContext *ctx)
	76	{ OSStatus err = noErr;
	77	AlertLevel level;
	78	AlertDescription desc;
	79	uint8 *charPtr;
	80	uint32 remaining;
	81
	82	if (rec.contents.length % 2 != 0)
	83	{
	84	err = SSLFatalSessionAlert(SSL_AlertIllegalParam, ctx);
	85	if (!err) {
	86	err = errSSLProtocol;
	87	}
	88	return err;
	89	}
	90
	91	charPtr = rec.contents.data;
	92	remaining = rec.contents.length;
df0e469f A	93	bool fatal = false;
df0e469f A	94
5a719ac8 A	95	while (remaining > 0)
	96	{ level = (AlertLevel)*charPtr++;
	97	desc = (AlertDescription)*charPtr++;
df0e469f	98	sslHdskMsgDebug("alert msg recieved level %d desc %d",
5a719ac8 A	99	(int)level, (int)desc);
	100	remaining -= 2;
	101	SSLLogAlertMsg(desc, false);
	102
df0e469f A	103	if (level == SSL_AlertLevelFatal) {
	104	/* explicit fatal errror */
	105	fatal = true;
	106	sslHdskMsgDebug("***Fatal alert %d received\n", desc);
5a719ac8	107	}
df0e469f A	108	SSLDetectCertRejected(ctx, desc);
	109
	110	switch (desc) {
	111	/* A number of these are fatal by implication */
	112	case SSL_AlertUnexpectedMsg:
	113	err = errSSLPeerUnexpectedMsg;
	114	fatal = true;
	115	break;
5a719ac8	116	case SSL_AlertBadRecordMac:
df0e469f A	117	err = errSSLPeerBadRecordMac;
	118	fatal = true;
	119	break;
	120	case SSL_AlertDecryptionFail:
	121	err = errSSLPeerDecryptionFail;
	122	fatal = true;
	123	break;
	124	case SSL_AlertRecordOverflow:
	125	err = errSSLPeerRecordOverflow;
	126	fatal = true;
	127	break;
5a719ac8	128	case SSL_AlertDecompressFail:
df0e469f A	129	err = errSSLPeerDecompressFail;
	130	fatal = true;
	131	break;
5a719ac8	132	case SSL_AlertHandshakeFail:
df0e469f A	133	err = errSSLPeerHandshakeFail;
	134	fatal = true;
	135	break;
5a719ac8	136	case SSL_AlertIllegalParam:
df0e469f A	137	err = errSSLIllegalParam;
	138	fatal = true;
	139	break;
	140	case SSL_AlertBadCert:
	141	err = errSSLPeerBadCert;
	142	break;
	143	case SSL_AlertUnsupportedCert:
	144	err = errSSLPeerUnsupportedCert;
	145	break;
	146	case SSL_AlertCertRevoked:
	147	err = errSSLPeerCertRevoked;
	148	break;
	149	case SSL_AlertCertExpired:
	150	err = errSSLPeerCertExpired;
	151	break;
	152	case SSL_AlertCertUnknown:
	153	err = errSSLPeerCertUnknown;
	154	break;
	155	case SSL_AlertUnknownCA:
	156	err = errSSLPeerUnknownCA;
	157	break;
	158	case SSL_AlertAccessDenied:
	159	err = errSSLPeerAccessDenied;
	160	break;
	161	case SSL_AlertDecodeError:
	162	err = errSSLPeerDecodeError;
	163	break;
	164	case SSL_AlertDecryptError:
	165	err = errSSLPeerDecryptError;
	166	break;
	167	case SSL_AlertExportRestriction:
	168	err = errSSLPeerExportRestriction;
	169	break;
	170	case SSL_AlertProtocolVersion:
	171	err = errSSLPeerProtocolVersion;
	172	break;
	173	case SSL_AlertInsufficientSecurity:
	174	err = errSSLPeerInsufficientSecurity;
	175	break;
	176	case SSL_AlertInternalError:
	177	err = errSSLPeerInternalError;
	178	break;
	179	case SSL_AlertUserCancelled:
	180	err = errSSLPeerUserCancelled;
5a719ac8	181	break;
df0e469f A	182	case SSL_AlertNoRenegotiation:
	183	err = errSSLPeerNoRenegotiation;
	184	break;
	185	/* unusual cases.... */
5a719ac8	186	case SSL_AlertCloseNotify:
df0e469f	187	/* the clean "we're done" case */
5a719ac8 A	188	SSLClose(ctx);
	189	err = noErr;
	190	break;
	191	case SSL_AlertNoCert:
	192	if((ctx->state == SSL_HdskStateClientCert) &&
	193	(ctx->protocolSide == SSL_ServerSide) &&
	194	(ctx->clientAuth != kAlwaysAuthenticate)) {
	195	/*
	196	* Tolerate this unless we're configured to
	197	* require a client cert. If a client cert is
	198	* required, we'll catch the error at the next
	199	* handshake msg we receive - which will probably
	200	* be a client key exchange msg, which is illegal
	201	* when we're in state SSL_HdskStateClientCert.
	202	* If the client cert is optional, advance to
	203	* state ClientKeyExchange by pretending we
	204	* just got a client cert msg.
	205	*/
	206	if ((err = SSLAdvanceHandshake(SSL_HdskCert,
	207	ctx)) != 0) {
	208	return err;
	209	}
	210	}
	211	break;
5a719ac8	212	default:
df0e469f A	213	/* Unknown alert, ignore if not fatal */
	214	if(level == SSL_AlertLevelFatal) {
	215	err = errSSLFatalAlert;
	216	}
	217	else {
	218	err = noErr;
	219	}
5a719ac8 A	220	break;
5a719ac8 A	221	}
df0e469f A	222	if(fatal) {
	223	/* don't bother processing any more */
	224	break;
	225	}
5a719ac8	226	}
df0e469f A	227	if(fatal) {
	228	SSLDeleteSessionData(ctx);
	229	}
5a719ac8 A	230	return err;
	231	}
	232
	233	OSStatus
	234	SSLSendAlert(AlertLevel level, AlertDescription desc, SSLContext *ctx)
	235	{ SSLRecord rec;
	236	OSStatus err;
	237
df0e469f A	238	switch(ctx->negProtocolVersion) {
	239	case SSL_Version_Undetermined:
	240	/* Too early in negotiation to send an alert */
	241	return noErr;
	242	case SSL_Version_2_0:
	243	/* shouldn't be here */
	244	assert(0);
	245	return errSSLInternal;
	246	default:
	247	break;
	248	}
	249	if(ctx->sentFatalAlert) {
	250	/* no more alerts allowed */
	251	return noErr;
	252	}
5a719ac8 A	253	if ((err = SSLEncodeAlert(rec, level, desc, ctx)) != 0)
	254	return err;
	255	assert(ctx->sslTslCalls != NULL);
	256	SSLLogAlertMsg(desc, true);
	257	if ((err = ctx->sslTslCalls->writeRecord(rec, ctx)) != 0)
	258	return err;
	259	if ((err = SSLFreeBuffer(rec.contents, ctx)) != 0)
	260	return err;
df0e469f A	261	if(desc == SSL_AlertCloseNotify) {
	262	/* no more alerts allowed */
	263	ctx->sentFatalAlert = true;
	264	}
5a719ac8 A	265	return noErr;
	266	}
	267
df0e469f	268	static OSStatus
5a719ac8 A	269	SSLEncodeAlert(SSLRecord &rec, AlertLevel level, AlertDescription desc, SSLContext *ctx)
	270	{ OSStatus err;
	271
df0e469f A	272	rec.protocolVersion = ctx->negProtocolVersion;
df0e469f A	273	rec.contentType = SSL_RecordTypeAlert;
5a719ac8 A	274	rec.contents.length = 2;
	275	if ((err = SSLAllocBuffer(rec.contents, 2, ctx)) != 0)
	276	return err;
	277	rec.contents.data[0] = level;
	278	rec.contents.data[1] = desc;
	279
	280	return noErr;
	281	}
	282
	283	OSStatus
	284	SSLFatalSessionAlert(AlertDescription desc, SSLContext *ctx)
	285	{ OSStatus err1, err2;
	286
	287	if(desc != SSL_AlertCloseNotify) {
df0e469f	288	sslHdskMsgDebug("SSLFatalSessionAlert: desc %d\n", desc);
5a719ac8 A	289	}
	290	SSLChangeHdskState(ctx, SSL_HdskStateErrorClose);
	291
df0e469f A	292	if(ctx->negProtocolVersion < TLS_Version_1_0) {
	293	/* translate to SSL3 if necessary */
	294	switch(desc) {
	295	case SSL_AlertDecryptionFail:
	296	case SSL_AlertRecordOverflow:
	297	case SSL_AlertAccessDenied:
	298	case SSL_AlertDecodeError:
	299	case SSL_AlertDecryptError:
	300	case SSL_AlertExportRestriction:
	301	case SSL_AlertProtocolVersion:
	302	case SSL_AlertInsufficientSecurity:
	303	case SSL_AlertUserCancelled:
	304	case SSL_AlertNoRenegotiation:
	305	desc = SSL_AlertHandshakeFail;
	306	break;
	307	case SSL_AlertUnknownCA:
	308	desc = SSL_AlertUnsupportedCert;
	309	break;
	310	case SSL_AlertInternalError:
	311	desc = SSL_AlertCloseNotify;
	312	break;
	313	default:
	314	/* send as is */
	315	break;
	316	}
	317	}
5a719ac8 A	318	/* Make session unresumable; I'm not stopping if I get an error,
	319	because I'd like to attempt to send the alert anyway */
	320	err1 = SSLDeleteSessionData(ctx);
	321
	322	/* Second, send the alert */
	323	err2 = SSLSendAlert(SSL_AlertLevelFatal, desc, ctx);
	324
df0e469f A	325	ctx->sentFatalAlert = true;
df0e469f A	326
5a719ac8 A	327	/* If they both returned errors, arbitrarily return the first */
	328	return err1 != 0 ? err1 : err2;
	329	}
	330
	331	#ifndef NDEBUG
	332
	333	/* log alert messages */
	334
	335	static char *alertMsgToStr(AlertDescription msg)
	336	{
	337	static char badStr[100];
	338
	339	switch(msg) {
	340	case SSL_AlertCloseNotify:
	341	return "SSL_AlertCloseNotify";
	342	case SSL_AlertUnexpectedMsg:
	343	return "SSL_AlertUnexpectedMsg";
	344	case SSL_AlertBadRecordMac:
	345	return "SSL_AlertBadRecordMac";
	346	case SSL_AlertDecryptionFail:
	347	return "SSL_AlertDecryptionFail";
	348	case SSL_AlertRecordOverflow:
	349	return "SSL_AlertRecordOverflow";
	350	case SSL_AlertDecompressFail:
	351	return "SSL_AlertDecompressFail";
	352	case SSL_AlertHandshakeFail:
	353	return "SSL_AlertHandshakeFail";
	354	case SSL_AlertNoCert:
	355	return "SSL_AlertNoCert";
	356	case SSL_AlertBadCert:
	357	return "SSL_AlertBadCert";
	358	case SSL_AlertUnsupportedCert:
	359	return "SSL_AlertUnsupportedCert";
	360	case SSL_AlertCertRevoked:
	361	return "SSL_AlertCertRevoked";
	362
	363	case SSL_AlertCertExpired:
	364	return "SSL_AlertCertExpired";
	365	case SSL_AlertCertUnknown:
	366	return "SSL_AlertCertUnknown";
	367	case SSL_AlertIllegalParam:
	368	return "SSL_AlertIllegalParam";
	369	case SSL_AlertUnknownCA:
	370	return "SSL_AlertUnknownCA";
	371	case SSL_AlertAccessDenied:
	372	return "SSL_AlertAccessDenied";
	373	case SSL_AlertDecodeError:
	374	return "SSL_AlertDecodeError";
	375	case SSL_AlertDecryptError:
	376	return "SSL_AlertDecryptError";
	377
	378	case SSL_AlertExportRestriction:
	379	return "SSL_AlertExportRestriction";
	380	case SSL_AlertProtocolVersion:
	381	return "SSL_AlertProtocolVersion";
	382	case SSL_AlertInsufficientSecurity:
	383	return "SSL_AlertInsufficientSecurity";
	384	case SSL_AlertInternalError:
	385	return "SSL_AlertInternalError";
	386	case SSL_AlertUserCancelled:
	387	return "SSL_AlertUserCancelled";
	388	case SSL_AlertNoRenegotiation:
	389	return "SSL_AlertNoRenegotiation";
	390
391	default:
392	sprintf(badStr, "Unknown state (%d(d)", msg);
393	return badStr;
394	}
395	}
396
397	static void SSLLogAlertMsg(AlertDescription msg, bool sent)
398	{
399	sslHdskMsgDebug("---%s alert msg %s",
400	alertMsgToStr(msg), (sent ? "sent" : "recv"));
401	}
402
403	#endif /* NDEBUG */