add SNI_UNSUPPORTED for better handling SSL 3.0 buffers on CyaSSL_SNI_GetFromBuffer()

2014-12-08 17:31:37 -03:00 · 2014-12-08 17:31:37 -03:00 · 513ea4d38a
commit 513ea4d38a
parent 1ada0dfa31
3 changed files with 4 additions and 3 deletions
--- a/cyassl/error-ssl.h
+++ b/cyassl/error-ssl.h
@ -126,6 +126,7 @@ enum CyaSSL_ErrorCodes {
    NO_CHANGE_CIPHER_E      = -393,        /* Finished before change cipher */
    SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
    DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
+    SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */

    /* add strings to SetErrorString !!!!! */

--- a/src/tls.c
+++ b/src/tls.c
@ -1108,7 +1108,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
        return BUFFER_ERROR;

    if (clientHello[offset++] < TLSv1_MINOR)
-        return BUFFER_ERROR;
+        return SNI_UNSUPPORTED;

    ato16(clientHello + offset, &len16);
    offset += OPAQUE16_LEN;
--- a/tests/api.c
+++ b/tests/api.c
@ -921,8 +921,8 @@ static void test_CyaSSL_SNI_GetFromBuffer(void)
                                                           0, result, &length));
    buffer[1] = 0x03;

-    AssertIntEQ(BUFFER_ERROR, CyaSSL_SNI_GetFromBuffer(buffer, sizeof(buffer),
-                                                           0, result, &length));
+    AssertIntEQ(SNI_UNSUPPORTED, CyaSSL_SNI_GetFromBuffer(buffer, 
+                                           sizeof(buffer), 0, result, &length));
    buffer[2] = 0x03;

    AssertIntEQ(INCOMPLETE_DATA, CyaSSL_SNI_GetFromBuffer(buffer,