Alert to use is now defined in spec: update code

author: steve <steve> 2009-12-17 15:42:25 +0000
committer: steve <steve> 2009-12-17 15:42:25 +0000
commit: cb3ef831c0a9b82ee5c94003d151228ba43f0fab (patch)
tree: 402a309d808b40c541b3887b59a9ca849d125a65 /ssl
parent: f0d634a15cc3c3d6cdbf97481fa4ba300a2863a0 (diff)
download: openssl-cb3ef831c0a9b82ee5c94003d151228ba43f0fab.tar.gz
1 files changed, 2 insertions, 4 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 07a3900c7..8625b5710 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -589,8 +589,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	if (!renegotiate_seen && s->new_session &&
 		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;
@@ -709,8 +708,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 		(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
 		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;
author	steve <steve>	2009-12-17 15:42:25 +0000
committer	steve <steve>	2009-12-17 15:42:25 +0000
commit	cb3ef831c0a9b82ee5c94003d151228ba43f0fab (patch)
tree	402a309d808b40c541b3887b59a9ca849d125a65 /ssl
parent	f0d634a15cc3c3d6cdbf97481fa4ba300a2863a0 (diff)
download	openssl-cb3ef831c0a9b82ee5c94003d151228ba43f0fab.tar.gz