summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2017-06-01 17:06:41 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2017-06-01 17:06:41 +0700
commit86f0665ac96629cf1cbb6967383b391fb051a895 (patch)
tree696791c49c4b8c9af8376262b221c913415512b8
parentTighten up no_certificate alert handling (diff)
downloadBouncyCastle.NET-ed25519-86f0665ac96629cf1cbb6967383b391fb051a895.tar.xz
Improve error handling/messages
Diffstat
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs33


1 files changed, 11 insertions, 22 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs

index 490580fad..5a1c08616 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -10,8 +10,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 {
     public abstract class TlsProtocol
     {
-        private static readonly string TLS_ERROR_MESSAGE = "Internal TLS error, this could be an attack";
-
         /*
          * Our Connection states
          */
@@ -386,8 +384,12 @@ namespace Org.BouncyCastle.Crypto.Tls
                     this.mClosed = true;
 
                     mRecordStream.SafeClose();
+                    if (!mAppDataReady)
+                    {
+                        CleanupHandshake();
+                    }
 
-                    throw new IOException(TLS_ERROR_MESSAGE);
+                    throw new IOException("Fatal alert received from TLS peer: " + AlertDescription.GetText(description));
                 }
                 else
                 {
@@ -464,22 +466,14 @@ namespace Org.BouncyCastle.Crypto.Tls
 
             while (mApplicationDataQueue.Available == 0)
             {
-                /*
-                 * We need to read some data.
-                 */
                 if (this.mClosed)
                 {
                     if (this.mFailedWithError)
-                    {
-                        /*
-                         * Something went terribly wrong, we should throw an IOException
-                         */
-                        throw new IOException(TLS_ERROR_MESSAGE);
-                    }
+                        throw new IOException("Cannot read application data on failed TLS connection");
+
+                    if (!mAppDataReady)
+                        throw new InvalidOperationException("Cannot read application data until initial handshake completed.");
 
-                    /*
-                     * Connection has been closed, there is no more data to read.
-                     */
                     return 0;
                 }
 
@@ -577,12 +571,7 @@ namespace Org.BouncyCastle.Crypto.Tls
         protected internal virtual void WriteData(byte[] buf, int offset, int len)
         {
             if (this.mClosed)
-            {
-                if (this.mFailedWithError)
-                    throw new IOException(TLS_ERROR_MESSAGE);
-
-                throw new IOException("Sorry, connection has been closed, you cannot write more data");
-            }
+                throw new IOException("Cannot write application data on closed/failed TLS connection");
 
             while (len > 0)
             {
@@ -884,7 +873,7 @@ namespace Org.BouncyCastle.Crypto.Tls
                 }
             }
 
-            throw new IOException(TLS_ERROR_MESSAGE);
+            throw new IOException("TLS connection failed");
         }
 
         protected virtual void InvalidateSession()

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-08 14:44:10 +0000