authorlloyd <[email protected]>2012-01-04 21:28:34 +0000
committerlloyd <[email protected]>2012-01-04 21:28:34 +0000
commit48cbc3d991308ecc155e36ea1ac6dbfe1762a928 (patch)
tree2a0648776772e07afafffb7665e36b175f9ce795 /src
parent0937d977a5262917cca3be6c2316ed68b092a31f (diff)
Add a hook in TLS_Channel that is called when an alert is received.
Currently has the same behavior in client and server; if we got a NO_RENEGOTIATION alert, and we appear to be renegotiating, delete the state if it exists. Noticed when talking to OpenSSL 0.9.8g which rejects all renegotiation requests.
Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_channel.cpp6
-rw-r--r--src/tls/tls_channel.h2
-rw-r--r--src/tls/tls_client.cpp12
-rw-r--r--src/tls/tls_client.h2
-rw-r--r--src/tls/tls_server.cpp12
-rw-r--r--src/tls/tls_server.h2
6 files changed, 34 insertions, 2 deletions
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index cc8c4ef10..73c4fd4ab 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -45,7 +45,7 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
reader.add_input(buf, buf_size);
byte rec_type = CONNECTION_CLOSED;
- SecureVector<byte> record;
+ MemoryVector<byte> record;
while(!reader.currently_empty())
{
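Review bot: Changing `record` on line 30 from `SecureVector<byte>` to `MemoryVector<byte>` drops the zeroise-on-free guarantee for a buffer that holds decrypted record contents, and the commit message does not mention this change at all. If `SecureVector` is the locking/zeroising container as elsewhere in this library, plaintext application data and handshake messages may now remain in freed heap memory after `received_data` returns. The same substitution is made for `contents` in `read_handshake` in the third hunk of this file. Unless a type mismatch elsewhere forces it, I would keep `SecureVector<byte> record;` here, or state the reason for the switch in a comment on that line. `received_data` starts before this hunk.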
@@ -79,6 +79,8 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
{
Alert alert_msg(record);
+ alert_notify(alert_msg.is_fatal(), alert_msg.type());
+
proc_fn(0, 0, alert_msg.type());
if(!connection_closed)
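Review bot: The new `alert_notify` call on line 36 runs before `proc_fn` and, in the client and server implementations added by this commit, may delete `state` while the enclosing `while(!reader.currently_empty())` loop goes on to process further records from the same input buffer. Any later record handling in that loop that dereferences `state` would need a null check; the loop body continues outside this hunk so I cannot confirm from here whether it already has one. A short comment at the call site would also help readers of the subclasses, e.g. `// hook runs for every alert, fatal or not, before proc_fn sees it`. `received_data` starts before this hunk.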
@@ -131,7 +133,7 @@ void TLS_Channel::read_handshake(byte rec_type,
while(true)
{
Handshake_Type type = HANDSHAKE_NONE;
- SecureVector<byte> contents;
+ MemoryVector<byte> contents;
if(rec_type == HANDSHAKE)
{
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index 129182150..bf9665ef8 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -84,6 +84,8 @@ class BOTAN_DLL TLS_Channel
virtual void process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents) = 0;
+ virtual void alert_notify(bool fatal_alert, Alert_Type type) = 0;
+
std::tr1::function<void (const byte[], size_t, u16bit)> proc_fn;
std::tr1::function<bool (const TLS_Session&)> handshake_fn;
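Review bot: The new pure virtual `alert_notify` on line 55 has no documentation, and its first parameter is named `fatal_alert` here but `is_fatal` in the `TLS_Client` and `TLS_Server` declarations (tls_client.h and tls_server.h hunks); the names should agree. I would document the contract above the declaration: `/** Called for every alert received from the peer, before proc_fn is invoked with the alert type. @param fatal_alert true if the alert level is fatal @param type the alert type */`. Stating whether the channel may still be used after a warning-level alert would make subclass implementations easier to write safely.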
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index e79fb18d8..73806a1ba 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -96,6 +96,18 @@ void TLS_Client::renegotiate()
secure_renegotiation.update(state->client_hello);
}
+void TLS_Client::alert_notify(bool, Alert_Type type)
+ {
+ if(type == NO_RENEGOTIATION)
+ {
+ if(handshake_completed && state)
+ {
+ delete state;
+ state = 0;
+ }
+ }
+ }
+
/*
* Process a handshake message
*/
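Review bot: `TLS_Client::alert_notify` (lines 66-76) and `TLS_Server::alert_notify` in tls_server.cpp are byte-for-byte identical, which the commit message acknowledges; a single default implementation on `TLS_Channel` would avoid the duplication, provided `state` and `handshake_completed` are base-class members (not visible here). Separately, `renegotiate()` (context at line 64) has already fed the new client hello into `secure_renegotiation` before the peer can answer with NO_RENEGOTIATION, so discarding `state` here leaves that bookkeeping as updated; whether it must be reset for the next renegotiation attempt is worth confirming. The `fatal` argument is ignored, so a NO_RENEGOTIATION alert sent at fatal level is handled the same as a warning here — presumably because fatal-alert handling happens in the caller — and a comment to that effect would help, e.g. `// fatal handling is done by the caller; here we only abandon an in-flight renegotiation`.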
diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h
index 85f220264..95b5c8f61 100644
--- a/src/tls/tls_client.h
+++ b/src/tls/tls_client.h
@@ -56,6 +56,8 @@ class BOTAN_DLL TLS_Client : public TLS_Channel
void process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents);
+ void alert_notify(bool is_fatal, Alert_Type type);
+
const TLS_Policy& policy;
RandomNumberGenerator& rng;
TLS_Session_Manager& session_manager;
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index c37e05f16..17f2b51b9 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -109,6 +109,18 @@ void TLS_Server::renegotiate()
Hello_Request hello_req(writer);
}
+void TLS_Server::alert_notify(bool, Alert_Type type)
+ {
+ if(type == NO_RENEGOTIATION)
+ {
+ if(handshake_completed && state)
+ {
+ delete state;
+ state = 0;
+ }
+ }
+ }
+
/*
* Split up and process handshake messages
*/
diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h
index 31e0e9ca4..f8c3a8563 100644
--- a/src/tls/tls_server.h
+++ b/src/tls/tls_server.h
@@ -53,6 +53,8 @@ class BOTAN_DLL TLS_Server : public TLS_Channel
void process_handshake_msg(Handshake_Type, const MemoryRegion<byte>&);
+ void alert_notify(bool is_fatal, Alert_Type type);
+
const TLS_Policy& policy;
RandomNumberGenerator& rng;
TLS_Session_Manager& session_manager;