Bug 1294975 - Send decode_error for empty CertificateRequest.signature_algorithms, r=ekr
authorMartin Thomson <martin.thomson@gmail.com>
Fri, 07 Oct 2016 11:46:00 +1100
changeset 12683 2bfa7b5125965d22260153686bacbf6055cdafaa
parent 12682 c282555675dfd06b6166e269749b07b6b68cb583
child 12684 66d0a9ca356480db53561a3d3f75c1cb4a671b0b
push id1637
push usermartin.thomson@gmail.com
push dateFri, 07 Oct 2016 00:47:34 +0000
reviewersekr
bugs1294975
Bug 1294975 - Send decode_error for empty CertificateRequest.signature_algorithms, r=ekr Differential Revision: https://nss-dev.phacility.com/D63
lib/ssl/tls13con.c
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -1738,17 +1738,17 @@ tls13_HandleCertificateRequest(sslSocket
     certRequest->ca_list.arena = arena;
 
     rv = ssl_ParseSignatureSchemes(ss, arena,
                                    &certRequest->signatureSchemes,
                                    &certRequest->signatureSchemeCount,
                                    &b, &length);
     if (rv != SECSuccess) {
         FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
-                    illegal_parameter);
+                    decode_error);
         goto loser;
     }
 
     rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena,
                                          &certRequest->ca_list);
     if (rv != SECSuccess)
         goto loser; /* alert already sent */