Don't forget about pending alerts after ssl_get_next_record()
ssl_get_next_record() may pend fatal alerts in response to receiving
invalid records. Previously, however, those were never actually sent
because there was no code-path checking for pending alerts.
This commit adds a call to ssl_send_pending_fatal_alert() after
the invocation of ssl_get_next_record() to fix this.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 601f81f..0b86e36 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5116,6 +5116,7 @@
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );
+ ssl_send_pending_fatal_alert( ssl );
return( ret );
}
}
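Review bot: The added `ssl_send_pending_fatal_alert( ssl );` line in the `if( ret != 0 )` branch discards whatever the call returns, and it runs for every non-zero `ret`, not only for the invalid-record failures the commit message describes. If the function reports a status, either cast it explicitly with `(void)` or log it before `return( ret );`, so that a failed alert transmission is visible in debug output while the original record error is still the value returned. Since the call is unconditional within this branch, it also relies on the function doing nothing when no alert is pending; a one-line comment above the call stating that assumption would save the next reader from having to check. Nothing in this hunk shows whether other failure paths that can pend an alert get the same treatment, so it is worth confirming that this is the only place a pended alert could be dropped.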