From 3761340bf38d151439f8155039a3a367fc51a283 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 7 Jun 2017 09:50:29 +0200
Subject: handshake: return better error code on unwanted algorithm

That is, when a signature algorithm is available which was not
asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM
instead of the UNKNOWN_ALGORITHM.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/alert.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib/alert.c')

diff --git a/lib/alert.c b/lib/alert.c
index d3d58888fc..0aa3a69aa8 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -250,6 +250,7 @@ int gnutls_error_to_alert(int err, int *level)
 	case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
 	case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
 	case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
+	case GNUTLS_E_UNWANTED_ALGORITHM:
 		ret = GNUTLS_A_HANDSHAKE_FAILURE;
 		_level = GNUTLS_AL_FATAL;
 		break;
-- 
cgit v1.2.1