5 files changed, 57 insertions, 0 deletions

diff --git a/lib/alert.c b/lib/alert.c
index cfd1205d01..7efc0a5af5 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -165,6 +165,22 @@ gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
 	_gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", data[0],
 			   data[1], name);
 
+	if (session->internals.a_read_func) {
+		record_parameters_st *params;
+
+		ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, &params);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+		ret = session->internals.a_read_func(session,
+						     params->write.level,
+						     level,
+						     desc);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+
+		return ret;
+	}
+
 	if ((ret =
 	     _gnutls_send_int(session, GNUTLS_ALERT, -1,
 			      EPOCH_WRITE_CURRENT, data, 2,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 26bbd22e56..cd4ee06887 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1247,6 +1247,7 @@ typedef struct {
 	int16_t h_post;		/* whether post-generation/receive */
 	gnutls_handshake_read_func h_read_func;
 	gnutls_handshake_secret_func h_secret_func;
+	gnutls_alert_read_func a_read_func;
 
 	gnutls_keylog_func keylog_func;
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 07df8e272d..cc82a4a986 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -3256,6 +3256,28 @@ void
 gnutls_handshake_set_secret_function(gnutls_session_t session,
 				     gnutls_handshake_secret_func func);
 
+  /**
+   * gnutls_alert_read_func:
+   * @session: the current session
+   * @level: #gnutls_record_encryption_level_t
+   * @alert_level: the level of the alert
+   * @alert_desc: the alert description
+   *
+   * Function prototype for alert intercepting hooks. It is set using
+   * gnutls_alert_set_read_function().
+   *
+   * Returns: Non zero on error.
+   * Since: 3.6.14
+   */
+typedef int (*gnutls_alert_read_func) (gnutls_session_t session,
+				       gnutls_record_encryption_level_t level,
+				       gnutls_alert_level_t alert_level,
+				       gnutls_alert_description_t alert_desc);
+
+void
+gnutls_alert_set_read_function(gnutls_session_t session,
+			       gnutls_alert_read_func func);
+
 /* FIPS140-2 related functions */
 unsigned gnutls_fips140_mode_enabled(void);
 
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 4b23dfed27..15871d5aaa 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1333,6 +1333,7 @@ GNUTLS_3_6_14
 GNUTLS_QUIC_3_6_13
 {
  global:
+	gnutls_alert_set_read_function;
 	gnutls_handshake_set_read_function;
 	gnutls_handshake_write;
 	gnutls_handshake_set_secret_function;
diff --git a/lib/state.c b/lib/state.c
index b751735e5a..6a96f05c15 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -1480,6 +1480,23 @@ gnutls_handshake_set_read_function(gnutls_session_t session,
 }
 
 /**
+ * gnutls_alert_set_read_function:
+ * @session: is #gnutls_session_t type
+ * @func: is the function to be called
+ *
+ * This function will set a callback to be called when an alert
+ * message is being sent.
+ *
+ * Since: 3.6.14
+ */
+void
+gnutls_alert_set_read_function(gnutls_session_t session,
+			       gnutls_alert_read_func func)
+{
+	session->internals.a_read_func = func;
+}
+
+/**
  * gnutls_record_get_state:
  * @session: is a #gnutls_session_t type
  * @read: if non-zero the read parameters are returned, otherwise the write