Send correct fatal alert the renegotation extension fails to match. https://tools.ietf.org/html/rfc5746#section-3.4 says that handshake_failure is the correct alert to send, but we were sending illegal_parameter. Change-Id: Ife951c5951f6f8e4c31a3f2f57307bfed1c24561 Reviewed-on: https://boringssl-review.googlesource.com/18408 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 10e10602612bac4d805e6497455fca7f17e6e879 [log] [tgz]
author: Adam Langley <agl@google.com> Tue Jul 25 13:33:21 2017 -0700
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Jul 25 21:02:43 2017 +0000
tree: 04e1dcfe620f661c749e44e9f99745329f506ede
parent: 22df69103f807d92595c67ea421aa51b0b34ed13 [diff] [blame]
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 19f256d..283f22c 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc

@@ -802,7 +802,7 @@
 #endif
   if (!ok) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
-    *out_alert = SSL_AD_ILLEGAL_PARAMETER;
+    *out_alert = SSL_AD_HANDSHAKE_FAILURE;
     return 0;
   }
   ssl->s3->send_connection_binding = 1;
commit	10e10602612bac4d805e6497455fca7f17e6e879	[log] [tgz]
author	Adam Langley <agl@google.com>	Tue Jul 25 13:33:21 2017 -0700
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Jul 25 21:02:43 2017 +0000
tree	04e1dcfe620f661c749e44e9f99745329f506ede
parent	22df69103f807d92595c67ea421aa51b0b34ed13 [diff] [blame]