@@ -2388,6 +2388,66 @@ OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl);
23882388OPENSSL_EXPORT const char * SSL_get_psk_identity (const SSL * ssl );
23892389
23902390
2391+ /* Alerts.
2392+ *
2393+ * TLS and SSL 3.0 use alerts to signal error conditions. Alerts have a type
2394+ * (warning or fatal) and description. OpenSSL internally handles fatal alerts
2395+ * with dedicated error codes (see |SSL_AD_REASON_OFFSET|). Except for
2396+ * close_notify, warning alerts are silently ignored and may only be surfaced
2397+ * with |SSL_CTX_set_info_callback|. */
2398+
2399+ /* SSL_AD_REASON_OFFSET is the offset between error reasons and |SSL_AD_*|
2400+ * values. Any error code under |ERR_LIB_SSL| with an error reason above this
2401+ * value corresponds to an alert description. Consumers may add or subtract
2402+ * |SSL_AD_REASON_OFFSET| to convert between them.
2403+ *
2404+ * make_errors.go reserves error codes above 1000 for manually-assigned errors.
2405+ * This value must be kept in sync with reservedReasonCode in make_errors.h */
2406+ #define SSL_AD_REASON_OFFSET 1000
2407+
2408+ /* SSL_AD_* are alert descriptions for SSL 3.0 and TLS. */
2409+ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
2410+ #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
2411+ #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
2412+ #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
2413+ #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
2414+ #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
2415+ #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
2416+ #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not used in TLS */
2417+ #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
2418+ #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
2419+ #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
2420+ #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
2421+ #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
2422+ #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
2423+ #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
2424+ #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
2425+ #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
2426+ #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
2427+ #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
2428+ #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
2429+ #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
2430+ #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
2431+ #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
2432+ #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
2433+ #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
2434+ #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
2435+ #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
2436+ #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE \
2437+ TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
2438+ #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
2439+ #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
2440+ #define SSL_AD_INAPPROPRIATE_FALLBACK SSL3_AD_INAPPROPRIATE_FALLBACK
2441+
2442+ /* SSL_alert_type_string_long returns a string description of |value| as an
2443+ * alert type (warning or fatal). */
2444+ OPENSSL_EXPORT const char * SSL_alert_type_string_long (int value );
2445+
2446+ /* SSL_alert_desc_string_long returns a string description of |value| as an
2447+ * alert description or "unknown" if unknown. */
2448+ OPENSSL_EXPORT const char * SSL_alert_desc_string_long (int value );
2449+
2450+
23912451/* ex_data functions.
23922452 *
23932453 * See |ex_data.h| for details. */
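Review bot: The two comments added at the end of this hunk, on `SSL_alert_type_string_long` and `SSL_alert_desc_string_long`, do not say how `value` is encoded, and only the second names the string returned for an unrecognised input. The implementation is not visible here, so this needs confirming, but if both functions take the combined value passed to the info callback (level in the high byte, description in the low byte, as in OpenSSL), the header should say so. Otherwise a caller that passes a bare `SSL_AD_*` constant to `SSL_alert_type_string_long` would log the wrong alert type. Once confirmed, a sentence such as `|value| is the combined alert value passed to the info callback; only the level byte is examined.` would cover it, along with the fallback string for an unrecognised level. Separately, the `SSL_AD_REASON_OFFSET` comment refers to `make_errors.go` in one sentence and `make_errors.h` in the next; the second looks like a typo carried over from the removed comment.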
@@ -2709,45 +2769,6 @@ OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
27092769
27102770DECLARE_PEM_rw (SSL_SESSION , SSL_SESSION )
27112771
2712- /* make_errors.go reserves error codes above 1000 for manually-assigned errors.
2713- * This value must be kept in sync with reservedReasonCode in make_errors.h */
2714- #define SSL_AD_REASON_OFFSET \
2715- 1000 /* offset to get SSL_R_... value from SSL_AD_... */
2716-
2717- /* These alert types are for SSLv3 and TLSv1 */
2718- #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
2719- #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
2720- #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
2721- #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
2722- #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
2723- #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE /* fatal */
2724- #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE /* fatal */
2725- #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
2726- #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
2727- #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
2728- #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
2729- #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
2730- #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
2731- #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
2732- #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
2733- #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
2734- #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
2735- #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
2736- #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* fatal */
2737- #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
2738- #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY /* fatal */
2739- #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
2740- #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
2741- #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
2742- #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
2743- #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
2744- #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
2745- #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE \
2746- TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
2747- #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
2748- #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
2749- #define SSL_AD_INAPPROPRIATE_FALLBACK SSL3_AD_INAPPROPRIATE_FALLBACK /* fatal */
2750-
27512772/* SSL_total_renegotiations returns the total number of renegotiation handshakes
27522773 * peformed by |ssl|. This includes the pending renegotiation, if any. */
27532774OPENSSL_EXPORT int SSL_total_renegotiations (const SSL * ssl );
@@ -2766,11 +2787,6 @@ OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *ssl);
27662787 * renegotiation. */
27672788OPENSSL_EXPORT int SSL_renegotiate_pending (SSL * ssl );
27682789
2769- OPENSSL_EXPORT const char * SSL_alert_type_string_long (int value );
2770- OPENSSL_EXPORT const char * SSL_alert_type_string (int value );
2771- OPENSSL_EXPORT const char * SSL_alert_desc_string_long (int value );
2772- OPENSSL_EXPORT const char * SSL_alert_desc_string (int value );
2773-
27742790OPENSSL_EXPORT void SSL_set_shutdown (SSL * ssl , int mode );
27752791OPENSSL_EXPORT int SSL_get_shutdown (const SSL * ssl );
27762792OPENSSL_EXPORT SSL_CTX * SSL_get_SSL_CTX (const SSL * ssl );
@@ -3128,6 +3144,14 @@ OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count);
31283144OPENSSL_EXPORT size_t SSL_get_peer_finished (const SSL * ssl , void * buf ,
31293145 size_t count );
31303146
3147+ /* SSL_alert_type_string returns "!". Use |SSL_alert_type_string_long|
3148+ * instead. */
3149+ OPENSSL_EXPORT const char * SSL_alert_type_string (int value );
3150+
3151+ /* SSL_alert_desc_string returns "!!". Use |SSL_alert_desc_string_long|
3152+ * instead. */
3153+ OPENSSL_EXPORT const char * SSL_alert_desc_string (int value );
3154+
31313155
31323156/* Private structures.
31333157 *