mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 19:14:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

dtls_server: allow unexpected messages during handshake

Browse Source 
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.

Fixes #9652.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-10-01 12:44:33 +02:00
parent 96c6f5eb36
commit 713127de4c
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
programs/ssl/dtls_server.c
View File

@ -289,7 +289,14 @@ reset:
ret = 0;
goto reset;
} else if (ret != 0) {
printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret);
if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
printf(" An unexpected message was received from our peer. If this happened at\n");
printf(" the beginning of the handshake, this is likely a duplicated packet or\n");
printf(" a close_notify alert from the previous connection, which is harmless.\n");
ret = 0;
}
printf("\n");
goto reset;
}