return codes

29dc4419 · Jannik Hoelling · 35751270 · 29dc4419 · 29dc4419 · 29dc4419
Commit 29dc4419 authored Sep 25, 2021 by Jannik Hoelling
--- a/bearssl/client/client.c
+++ b/bearssl/client/client.c
@@ -95,7 +95,9 @@ int main(int argc, char *argv[]) {
    err = br_ssl_engine_last_error(&sc.eng);
    if (alpn_received == NULL || strcmp(alpn_ptr[0], alpn_received) != 0) {
        printf("Invalid ALPN received: %s\n", alpn_received);
-        return BR_OPT_FAIL_ON_ALPN_MISMATCH;
+        br_sslio_close(&ioc);
+        close(fd);
+        return 120;
    } else {
        printf("ALPN negotiatiated: %s\n", alpn_received);
    }
@@ -147,14 +149,17 @@ int main(int argc, char *argv[]) {
            return EXIT_SUCCESS;
        } else if (err == BR_ERR_X509_BAD_SERVER_NAME) {
            fprintf(stderr, "ERROR BR_ERR_X509_BAD_SERVER_NAME\n");
+            return 112;
        } else if (err == BR_ALERT_BAD_CERTIFICATE) {
            fprintf(stderr, "ERROR BR_ALERT_BAD_CERTIFICATE\n");
        } else if (err == BR_ALERT_CERTIFICATE_UNKNOWN) {
            fprintf(stderr, "ERROR BR_ALERT_CERTIFICATE_UNKNOWN\n");
        } else if (err == BR_ALERT_NO_APPLICATION_PROTOCOL) {
            fprintf(stderr, "ERROR BR_ALERT_NO_APPLICATION_PROTOCOL\n");
+            return 120;
        } else if (err == BR_OPT_FAIL_ON_ALPN_MISMATCH) {
            fprintf(stderr, "ERROR BR_OPT_FAIL_ON_ALPN_MISMATCH\n");
+            return 120;
        } else if (err == BR_ERR_BAD_SNI) {
            fprintf(stderr, "ERROR BR_ERR_BAD_SNI\n");
        } else {

--- a/build-everything.sh
+++ b/build-everything.sh
 #!/bin/bash
-for library in baseimage openssl bearssl botan gnutls golang mbedtls wolfssl ; do 
+for library in baseimage openssl bearssl botan java gnutls golang mbedtls wolfssl ; do 
    (cd "$library" 
    ./build.sh);
 done
--- a/golang/client/client.go
+++ b/golang/client/client.go
@@ -63,9 +63,9 @@ func main() {
 	if err != nil {
 		log.Println(err)
 		if strings.Contains(err.Error(), "server selected unadvertised ALPN protocol") {
-			os.Exit(134)
+			os.Exit(120)
 		} else if strings.Contains(err.Error(), "x509: certificate is valid for") {
-			os.Exit(112)
+			os.Exit(42)
 		}
 		os.Exit(1)
 	}

--- a/java/client/src/Client.java
+++ b/java/client/src/Client.java
@@ -101,7 +101,7 @@ public class Client {
        String peerCNname = getCommonName((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
        if (!peerCNname.equals(servername)) {
            System.out.println("Hostname Verification failed: " + peerCNname);
-            System.exit(112);
+            System.exit(42);
        }
        System.out.println("Hostname Verification succeded: " + peerCNname);

@@ -109,7 +109,7 @@ public class Client {
        String ap = sslSocket.getApplicationProtocol();
        if (!ap.equals(alpn[0])) {
            System.out.println("INVALID ALPN: \"" + ap + "\"");
-            System.exit(1);
+            System.exit(120);
        }
        System.out.println("ALPN: \"" + ap + "\"");


--- a/mbedtls/client/client.c
+++ b/mbedtls/client/client.c
@@ -197,7 +197,7 @@ cleanup:
        char error_buf[100];
        mbedtls_strerror(ret, error_buf, 100);
        if (strstr(error_buf, "X509 - Certificate verification failed") != NULL) {
-            ret = 134;
+            ret = 42;
        } else if (strstr(error_buf, "Processing of the ServerHello handshake message failed") != NULL) {
            ret = 120;
        }

--- a/openssl/client/client.c
+++ b/openssl/client/client.c
@@ -199,7 +199,7 @@ static int error_callback(const char *str, size_t len, void *err) {
    } else if (strstr(str, "CERTIFICATE_VERIFY_FAILED") != NULL || strstr(str, "certificate verify failed") != NULL) {
        printf("CERTIFICATE_VERIFY_FAILED \n");
        //err = 1;
-        (*(int *)err) = SSL_R_CERTIFICATE_VERIFY_FAILED;
+        (*(int *)err) = SSL3_AD_BAD_CERTIFICATE;
    } else if (strstr(str, "TLSV1_ALERT_UNRECOGNIZED_NAME") != NULL || strstr(str, "tlsv1 unrecognized name") != NULL) {
        printf("TLSV1_ALERT_UNRECOGNIZED_NAME \n");
        //err = 1;

--- a/run-everything.sh
+++ b/run-everything.sh
@@ -20,7 +20,7 @@ NC='\033[0m' # No Color
 # 2. get results file from docker container
 # 3. append them to the results file on the host
 rm results
-for library in bearssl botan gnutls golang mbedtls openssl wolfssl ; do 
+for library in bearssl botan gnutls java golang mbedtls openssl wolfssl ; do 
    (cd "$library" 
    ./run.sh
    containerid=$(docker-compose ps -q $library-client)

--- a/wolfssl/client/client.c
+++ b/wolfssl/client/client.c
@@ -138,7 +138,7 @@ int main(int argc, char **argv) {
            ret = 120;
        }
        if (strstr(error_string, "peer subject name mismatch") != NULL) {
-            ret = 134;
+            ret = 42;
        }
        goto cleanup;
    }