perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
diff --git a/ssl/ssl.h b/ssl/ssl.h index c5d4504..857cbf0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h
@@ -2800,6 +2800,7 @@ #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 #define SSL_R_WRITE_BIO_NOT_SET 260 +#define SSL_R_WRONG_CERTIFICATE_TYPE 383 #define SSL_R_WRONG_CIPHER_RETURNED 261 #define SSL_R_WRONG_CURVE 378 #define SSL_R_WRONG_MESSAGE_TYPE 262