[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Fri Apr 20 10:43:43 UTC 2018

The branch OpenSSL_1_0_2-stable has been updated
       via  279bf3e0a07d6c84043a316ca8494cbc3b51f731 (commit)
      from  b38999240954f7ca80abbf8064cc4c87e306a3b2 (commit)


- Log -----------------------------------------------------------------
commit 279bf3e0a07d6c84043a316ca8494cbc3b51f731
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 19 10:38:57 2018 +0100

    Fix the alert sent if no shared sig algs
    
    We were sending illegal parameter. This isn't correct. The parameters are
    legal, we just don't have an overlap. A more appropriate alert is
    handshake failure.
    
    Fixes #2919
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6011)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 179802c..8cb8816 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3165,7 +3165,7 @@ int tls1_set_server_sigalgs(SSL *s)
         if (!s->cert->shared_sigalgs) {
             SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
                    SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
-            al = SSL_AD_ILLEGAL_PARAMETER;
+            al = SSL_AD_HANDSHAKE_FAILURE;
             goto err;
         }
     } else
