[gnutls-devel] GnuTLS | Wrong alert when client does not advertise any groups that server supports (#537)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Aug 3 14:39:52 CEST 2018


Thanks, most likely the fix is trivial, though I haven't tried it yet (may be side-effects if the server and client use this error code for different purposes).
```
diff --git a/lib/alert.c b/lib/alert.c
index 6b1950778..39797c165 100644
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -220,7 +220,6 @@ int gnutls_error_to_alert(int err, int *level)
        case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
        case GNUTLS_E_ILLEGAL_SRP_USERNAME:
        case GNUTLS_E_PK_INVALID_PUBKEY:
-       case GNUTLS_E_NO_COMMON_KEY_SHARE:
                ret = GNUTLS_A_ILLEGAL_PARAMETER;
                _level = GNUTLS_AL_FATAL;
                break;
@@ -254,6 +253,7 @@ int gnutls_error_to_alert(int err, int *level)
        case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
        case GNUTLS_E_UNKNOWN_PK_ALGORITHM:
        case GNUTLS_E_UNWANTED_ALGORITHM:
+       case GNUTLS_E_NO_COMMON_KEY_SHARE:
                ret = GNUTLS_A_HANDSHAKE_FAILURE;
                _level = GNUTLS_AL_FATAL;
                break;
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/537#note_92344438
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180803/8cd745b6/attachment.html>


More information about the Gnutls-devel mailing list