diff options
author | Michael Catanzaro <mcatanzaro@igalia.com> | 2017-05-16 23:16:20 -0500 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@igalia.com> | 2017-05-23 10:16:45 -0500 |
commit | 0160a89e195d25635596198e82691d29375f3c87 (patch) | |
tree | 0ffa7253796efa80e56bdf6c8db5022ba67a8ff8 | |
parent | acbc72ce79fb0874f730c34950533a88ee106920 (diff) | |
download | glib-networking-0160a89e195d25635596198e82691d29375f3c87.tar.gz |
gnutls: Provide better error message when TLS alert is received
Print a message describing the alert.
This also changes the error code used when a TLS alert is received from
G_TLS_ERROR_NOT_TLS, which is clearly inappropriate as the peer must
support TLS if it is sending a TLS alert, to G_TLS_ERROR_MISC.
https://bugzilla.gnome.org/show_bug.cgi?id=782218
-rw-r--r-- | tls/gnutls/gtlsconnection-gnutls.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c index 05e38b6..d2914fa 100644 --- a/tls/gnutls/gtlsconnection-gnutls.c +++ b/tls/gnutls/gtlsconnection-gnutls.c @@ -784,7 +784,6 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls, if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) || g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) || status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH || - status == GNUTLS_E_FATAL_ALERT_RECEIVED || status == GNUTLS_E_DECRYPTION_FAILED || status == GNUTLS_E_UNSUPPORTED_VERSION_PACKET) { @@ -848,6 +847,13 @@ end_gnutls_io (GTlsConnectionGnutls *gnutls, _("TLS connection peer did not send a certificate")); return status; } + else if (status == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, + _("Peer sent fatal TLS alert: %s"), + gnutls_alert_get_name (gnutls_alert_get (gnutls->priv->session))); + return status; + } if (error) { |