Use the right alert for bad CA lists.
Bug: 245
Change-Id: I6bfaf2dbe4996219773742a88c401d6cfffe3a3d
Reviewed-on: https://boringssl-review.googlesource.com/28284
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 730280c..8b56955 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -663,7 +663,7 @@
}
if (!ssl->ctx->x509_method->check_client_CA_list(ret.get())) {
- *out_alert = SSL_AD_INTERNAL_ERROR;
+ *out_alert = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return nullptr;
}