Alert to use is now defined in spec: update code
authorDr. Stephen Henson <steve@openssl.org>
Thu, 17 Dec 2009 15:42:25 +0000 (15:42 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 17 Dec 2009 15:42:25 +0000 (15:42 +0000)
ssl/t1_lib.c

index 07a3900c7fd2c4725ea92444c86632bd87ebfe91..8625b57104ed03618e8812137775223b4634d362 100644 (file)
@@ -589,8 +589,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        if (!renegotiate_seen && s->new_session &&
                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
-               /* FIXME: Spec currently doesn't give alert to use */
-               *al = SSL_AD_ILLEGAL_PARAMETER;
+               *al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
                                SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
                return 0;
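Review bot: The new `*al = SSL_AD_HANDSHAKE_FAILURE;` line in ssl_parse_clienthello_tlsext is left with no comment once the FIXME is removed, so nothing at the site says which spec requirement picks this alert or what the branch refuses. I would replace the FIXME rather than drop it, for example `/* No renegotiation extension seen and legacy renegotiation not allowed: spec mandates handshake_failure */`, naming the spec document in that comment. This reading assumes `renegotiate_seen` tracks the renegotiation extension, which the hunk does not show. The same applies to the identical change in the ssl_parse_serverhello_tlsext hunk, where the first line of the condition is also outside the hunk. Both function bodies start and end outside the visible lines.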
@@ -709,8 +708,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
                && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
-               /* FIXME: Spec currently doesn't give alert to use */
-               *al = SSL_AD_ILLEGAL_PARAMETER;
+               *al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
                                SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
                return 0;