Use the new TLSv1.3 certificate_required alert where appropriate

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2898)
author: Matt Caswell <matt@openssl.org> 2017-03-10 15:09:24 +0000
committer: Matt Caswell <matt@openssl.org> 2017-03-10 15:33:31 +0000
commit: 42c28b637c5ac9a288a0a6bde8f32622ba60e0a1 (patch)
tree: bd95fcbe86173c5ab645f395673d0463a022b89e /ssl/statem/statem_srvr.c
parent: 717afd9337abb2ec8f4b59c7c700fe417e746346 (diff)
download: openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.zip
openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.tar.gz
openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 6c007a1..2e381fd 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3280,7 +3280,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
                  (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
             SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
                    SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-            al = SSL_AD_HANDSHAKE_FAILURE;
+            al = SSL_AD_CERTIFICATE_REQUIRED;
             goto f_err;
         }
         /* No client certificate so digest cached records */
author	Matt Caswell <matt@openssl.org>	2017-03-10 15:09:24 +0000
committer	Matt Caswell <matt@openssl.org>	2017-03-10 15:33:31 +0000
commit	42c28b637c5ac9a288a0a6bde8f32622ba60e0a1 (patch)
tree	bd95fcbe86173c5ab645f395673d0463a022b89e /ssl/statem/statem_srvr.c
parent	717afd9337abb2ec8f4b59c7c700fe417e746346 (diff)
download	openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.zip openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.tar.gz openssl-42c28b637c5ac9a288a0a6bde8f32622ba60e0a1.tar.bz2