From c862b8920e3548c8a157cdafdd6f24d183e5eccb Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 7 Aug 2018 12:32:56 +0200
Subject: alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure

Previously, when server received a ClientHello that does include only
groups from unassigned ranges in supported_groups, it aborted the
connection with an illegal_parameter.

Resolves #537

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/alert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/alert.c b/lib/alert.c
index 5755970ca1..9b10123345 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -221,7 +221,6 @@ int gnutls_error_to_alert(int err, int *level)
 	case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
 	case GNUTLS_E_ILLEGAL_SRP_USERNAME:
 	case GNUTLS_E_PK_INVALID_PUBKEY:
-	case GNUTLS_E_NO_COMMON_KEY_SHARE:
 		ret = GNUTLS_A_ILLEGAL_PARAMETER;
 		_level = GNUTLS_AL_FATAL;
 		break;
@@ -255,6 +254,7 @@ int gnutls_error_to_alert(int err, int *level)
 	case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
 	case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
 	case GNUTLS_E_UNWANTED_ALGORITHM:
+	case GNUTLS_E_NO_COMMON_KEY_SHARE:
 		ret = GNUTLS_A_HANDSHAKE_FAILURE;
 		_level = GNUTLS_AL_FATAL;
 		break;
-- 
cgit v1.2.1