alert: GNUTLS_E_NO_CERTIFICATE_FOUND maps to GNUTLS_A_DECODE_ERROR

This is the closest to use alert when no certificate is found; at least
it is closer according to tlsfuzzer and rfc5246 text on insuficient_security
alert.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/alert.c b/lib/alert.c
index 8b262b7b43c73028e5c35a33913aba560ac934e7..c22b84bd36e1f9a8a8c55225b88643e908935004 100644 (file)
--- a/lib/alert.c
+++ b/lib/alert.c
@@ -203,6 +203,7 @@ int gnutls_error_to_alert(int err, int *level)
                break;
        case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
        case GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH:
+       case GNUTLS_E_NO_CERTIFICATE_FOUND:
                ret = GNUTLS_A_DECODE_ERROR;
                _level = GNUTLS_AL_FATAL;
                break;
@@ -294,7 +295,6 @@ int gnutls_error_to_alert(int err, int *level)
                _level = GNUTLS_AL_FATAL;
                break;
        case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
-       case GNUTLS_E_NO_CERTIFICATE_FOUND:
        case GNUTLS_E_SESSION_USER_ID_CHANGED:
                ret = GNUTLS_A_INSUFFICIENT_SECURITY;
                _level = GNUTLS_AL_FATAL;