From eca840f71ddda389e2d46af7a02b29dbd1049d12 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:19:55 +0100 Subject: [PATCH] Remove unused MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused. Remove it for Mbed TLS 3.0. The code being unused comes as a surprise, at is seems to be reasonable to report it to the user upon peer CRT verification failure. However, this study (can potentially re-introduction of the code) can be left for 3.x, while the error code removal can only happen in 3.0. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 3 ++- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6b42b22e7..591692761 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -107,7 +107,8 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 31 (Started from 0x7080, gap at 0x7300) + * SSL 7 30 (Started from 0x7080, gaps at + * 0x7300, 0x7800) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aaddd7f46..2dd6cc455 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -77,7 +77,7 @@ #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ -#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ diff --git a/library/error.c b/library/error.c index 48e99249f..1b050df3d 100644 --- a/library/error.c +++ b/library/error.c @@ -392,8 +392,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - An unexpected message was received from our peer" ); case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): return( "SSL - A fatal alert message was received from our peer" ); - case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED): - return( "SSL - Verification of our peer failed" ); case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): return( "SSL - The peer notified us that the connection is going to be closed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO):