Alert to use is now defined in spec: update code
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6678926..c467034 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -971,8 +971,7 @@
 	if (!renegotiate_seen && s->new_session &&
 		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;
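Review bot: The new `*al = SSL_AD_HANDSHAKE_FAILURE;` line replaces the only comment at this site, so nothing in the code records why this alert was chosen; the same applies to the identical line in the ServerHello hunk below. I would add a short comment at both sites, e.g. `/* No renegotiation extension and legacy renegotiation not allowed: spec requires handshake_failure */`, ideally naming the document the commit title refers to (presumably the TLS renegotiation indication spec, RFC 5746, to be confirmed). Anyone who matched on illegal_parameter to spot refused legacy renegotiation will now see a different alert on the wire. The error reason `SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED` is unchanged and is the more stable thing to log or alert on. Both enclosing functions start and end outside the hunks.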
@@ -1161,8 +1160,7 @@
 		(s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
 		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 		{
-		/* FIXME: Spec currently doesn't give alert to use */
-		*al = SSL_AD_ILLEGAL_PARAMETER;
+		*al = SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
 				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 		return 0;