diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-13 15:50:43 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-15 02:23:54 +0000 |
| commit | 4a419f60188405d6ecc450526b6aa926638d1db2 (patch) | |
| tree | 955e898487ef0922117e300a16048707676a3a99 /ssl/t1_lib.c | |
| parent | 4020c0b33b25f829ca68976970d44227d115eb9e (diff) | |
Change tls_choose_sigalg so it can set errors and alerts.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index eba32037f2..e310071c23 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2268,7 +2268,7 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) * Choose an appropriate signature algorithm based on available certificates * Set current certificate and digest to match chosen algorithm. */ -int tls_choose_sigalg(SSL *s) +int tls_choose_sigalg(SSL *s, int *al) { if (SSL_IS_TLS13(s)) { size_t i; @@ -2312,6 +2312,8 @@ int tls_choose_sigalg(SSL *s) s->cert->key = s->cert->pkeys + idx; return 1; } + *al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_TLS_CHOOSE_SIGALG, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } /* |