From d18e7b25a17a0c62c0beddc81f23b1dea18b7ef4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 24 Mar 2014 18:58:30 +0100
Subject: ssl: Handle SNI alert unrecognized_name and gracefully deal with
 unexpected alerts.

Add recognitions of RFC 4366 alerts and handle possible
unimplementd alerts in a gracefully way.
---
 lib/ssl/src/ssl_alert.erl | 16 ++++++++++++++--
 lib/ssl/src/ssl_alert.hrl | 16 ++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index 5c842b4d19..8b393468ea 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -124,5 +124,17 @@ description_txt(?USER_CANCELED) ->
     "user canceled";
 description_txt(?NO_RENEGOTIATION) ->
     "no renegotiation";
+description_txt(?UNSUPPORTED_EXTENSION) ->
+    "unsupported extension";
+description_txt(?CERTIFICATE_UNOBTAINABLE) ->
+    "certificate unobtainable";
+description_txt(?UNRECOGNISED_NAME) ->
+    "unrecognised name";
+description_txt(?BAD_CERTIFICATE_STATUS_RESPONSE) ->
+    "bad certificate status response";
+description_txt(?BAD_CERTIFICATE_HASH_VALUE) ->
+    "bad certificate hash value";
 description_txt(?UNKNOWN_PSK_IDENTITY) ->
-    "unknown psk identity".
+    "unknown psk identity";
+description_txt(Enum) ->
+    lists:flatten(io_lib:format("unsupported/unknown alert: ~p", [Enum])).
diff --git a/lib/ssl/src/ssl_alert.hrl b/lib/ssl/src/ssl_alert.hrl
index 2a8a91aefa..2d1f323085 100644
--- a/lib/ssl/src/ssl_alert.hrl
+++ b/lib/ssl/src/ssl_alert.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -48,7 +48,7 @@
 %%       unsupported_certificate(43),
 %%       certificate_revoked(44),
 %%       certificate_expired(45),
-   %%       certificate_unknown(46),
+%%       certificate_unknown(46),
 %%       illegal_parameter(47),
 %%       unknown_ca(48),
 %%       access_denied(49),
@@ -60,6 +60,13 @@
 %%       internal_error(80),
 %%       user_canceled(90),
 %%       no_renegotiation(100),
+%% RFC 4366
+%%         unsupported_extension(110),           
+%%         certificate_unobtainable(111),        
+%%         unrecognized_name(112),               
+%%         bad_certificate_status_response(113), 
+%%         bad_certificate_hash_value(114),      
+%% RFC 4366
 %%       unknown_psk_identity(115),
 %%           (255)
 %%       } AlertDescription;
@@ -88,6 +95,11 @@
 -define(INTERNAL_ERROR, 80).
 -define(USER_CANCELED, 90).
 -define(NO_RENEGOTIATION, 100).
+-define(UNSUPPORTED_EXTENSION, 110).
+-define(CERTIFICATE_UNOBTAINABLE, 111).
+-define(UNRECOGNISED_NAME, 112).
+-define(BAD_CERTIFICATE_STATUS_RESPONSE, 113).
+-define(BAD_CERTIFICATE_HASH_VALUE, 114).
 -define(UNKNOWN_PSK_IDENTITY, 115).
 
 -define(ALERT_REC(Level,Desc), #alert{level=Level,description=Desc,where={?FILE, ?LINE}}).
-- 
cgit v1.2.3