3.4 The TLS Alert Protocol

The Alert protocol allows peers to send signals to each other. These signals are mostly used to inform the peer about the cause of a protocol failure. Some of them are used internally by the protocol, and the application protocol does not have to cope with them (see GNUTLS_A_CLOSE_NOTIFY); others concern only the application protocol (see GNUTLS_A_USER_CANCELLED). An alert signal includes a level indication, which may be either fatal or warning. Fatal alerts always terminate the current connection and prevent future renegotiations using the current session ID.

Alert messages are protected by the record protocol, so the information they carry does not leak in transit. You must still take extreme care that alert information does not leak to a possible attacker by other means, such as public log files.

gnutls_alert_send:
To send an alert signal.
gnutls_error_to_alert:
To map a gnutls error number to an alert signal.
gnutls_alert_get:
Returns the last received alert.
gnutls_alert_get_name:
Returns the name, in a character array, of the given alert.
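
The following is an added example, not GnuTLS code and not part of the original manual: it shows the level handling and the log separation described above without calling the library. It assumes the decrypted alert body is the two-byte TLS form (level, then description) received in one piece; every function and type name in it is hypothetical.

```c
/* Added example, not GnuTLS code: no library calls, all names hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LVL_WARNING = 1, LVL_FATAL = 2 };                  /* TLS alert levels */
enum { DESC_CLOSE_NOTIFY = 0, DESC_USER_CANCELED = 90 };  /* TLS alert descriptions */
enum action { ACT_CONTINUE, ACT_CLOSE, ACT_ABORT };
struct alert { uint8_t level, desc; };

/* Parse a decrypted alert body: exactly two bytes, level then description. */
int parse_alert(const uint8_t *buf, size_t len, struct alert *out)
{
    if (!buf || !out || len != 2) return -1;
    if (buf[0] != LVL_WARNING && buf[0] != LVL_FATAL) return -1;
    *out = (struct alert){ buf[0], buf[1] };
    return 0;
}

/* close_notify is an orderly shutdown; any other fatal alert ends the connection. */
enum action alert_action(const struct alert *a)
{
    if (a->desc == DESC_CLOSE_NOTIFY) return ACT_CLOSE;
    return a->level == LVL_FATAL ? ACT_ABORT : ACT_CONTINUE;
}

/* Public log line: the outcome only, never the level or the description. */
int format_public(enum action act, char *dst, size_t n)
{
    static const char *const msg[] = { "tls: session continues", "tls: peer closed session", "tls: session aborted" };
    return snprintf(dst, n, "%s", msg[act]);
}

/* Restricted diagnostic line: keeps the detail, for operators only. */
int format_private(const struct alert *a, char *dst, size_t n)
{
    return snprintf(dst, n, "tls alert level=%u desc=%u", (unsigned)a->level, (unsigned)a->desc);
}

int main(void)
{
    const uint8_t wire[] = { 2, 40 };   /* constructed sample: fatal, 40 = handshake_failure */
    struct alert a;
    char pub[64], priv[64];
    if (parse_alert(wire, sizeof wire, &a) != 0) return 1;
    format_public(alert_action(&a), pub, sizeof pub);
    format_private(&a, priv, sizeof priv);
    printf("public : %s\nprivate: %s\n", pub, priv);
    return strstr(pub, "40") != NULL;   /* nonzero exit if the description leaked */
}
```

In a real GnuTLS application the level and description would come from the library (for example via gnutls_alert_get) rather than from a raw buffer; the split between the public and the restricted log line is the part that carries over.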