Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.
Reviewed-by: Rich Salz <rsalz@openssl.org>
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
+# define SSL_ST_ERR 0x05
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
goto end;
/* break; */
+ case SSL_ST_ERR:
default:
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
ret = -1;
if (0) {
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
- }
err:
+ s->state = SSL_ST_ERR;
+ }
+
sk_SSL_CIPHER_free(ciphers);
return ret < 0 ? -1 : ret;
}
case SSL_ST_OK | SSL_ST_ACCEPT:
str = "ok/accept SSL initialization";
break;
+ case SSL_ST_ERR:
+ str = "error";
+ break;
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
case SSL_ST_OK:
str = "SSLOK ";
break;
+ case SSL_ST_ERR:
+ str = "SSLERR";
+ break;
#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */