The library API is not designed to proactively send alerts by itself,
but it is rather a responsibility of the application to decide
which alert to send and when. This removes the manual call to
gnutls_alert_send in the code handling TLS 1.3 Certificate message
when a decompression error happens.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
ret = decompress_certificate(session, &buf);
if (ret < 0) {
gnutls_assert();
- gnutls_alert_send(session, GNUTLS_AL_FATAL,
- GNUTLS_A_BAD_CERTIFICATE);
+ ret = GNUTLS_E_CERTIFICATE_ERROR;
goto cleanup;
}
}
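Review bot: The added `ret = GNUTLS_E_CERTIFICATE_ERROR;` in the `ret < 0` branch overwrites whatever code decompress_certificate() returned, so a failure unrelated to the certificate data (for example an allocation failure inside that function, if it can return one) would reach the caller as a certificate error. Consider keeping the original code for non-decompression failures, or add a short comment stating that every failure of decompress_certificate() is intentionally reported as GNUTLS_E_CERTIFICATE_ERROR. Since the removed call sent GNUTLS_A_BAD_CERTIFICATE explicitly, it is also worth confirming that an application calling gnutls_alert_send_appropriate() with the new code ends up sending that same alert, so peers see no change on the wire.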
do {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
- if (ret >= 0)
+ if (ret < 0)
+ gnutls_alert_send_appropriate(session, ret);
+ else
fail("client: handshake should have failed\n");
gnutls_bye(session, GNUTLS_SHUT_WR);
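Review bot: The new `if (ret < 0)` branch accepts any negative handshake result and ignores the return value of gnutls_alert_send_appropriate(), so the test would still pass if the handshake failed for an unrelated reason or if no alert went out. If this endpoint is the one that hits the decompression failure, assert that ret is GNUTLS_E_CERTIFICATE_ERROR before sending the alert, and check the result of gnutls_alert_send_appropriate() (calling fail() on error) so the test actually covers the behaviour the commit message describes.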