From 54bc369ad76f05c426999512179f13bb02fa465f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 17 Dec 2009 15:42:43 +0000 Subject: [PATCH] Alert to use is now defined in spec: update code --- ssl/t1_lib.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 26b8bf98cc..4eb6d13840 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -971,8 +971,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (!renegotiate_seen && s->new_session && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* FIXME: Spec currently doesn't give alert to use */ - *al = SSL_AD_ILLEGAL_PARAMETER; + *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; @@ -1161,8 +1160,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* FIXME: Spec currently doesn't give alert to use */ - *al = SSL_AD_ILLEGAL_PARAMETER; + *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0;