diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c9a95e1933..2338bebb84 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1164,7 +1164,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorithm not in received list." ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c61f2352fe..61c4407a66 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9861,7 +9861,7 @@ run_test "TLS 1.3: No client authentication, client has certificate - openssl key_file=data_files/cli2.key" \ 0 \ -c "got no certificate request" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "Protocol is TLSv1.3" @@ -9871,13 +9871,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_disabled MBEDTLS_USE_PSA_CRYPTO -run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \ +run_test "TLS 1.3: No client authentication, client has certificate - gnutls" \ "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ -c "got no certificate request" \ - -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "Protocol is TLSv1.3"