Add non support sig alg check and test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c9a95e1..2338beb 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1164,7 +1164,10 @@
if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "signature algorithm not in received list." ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c61f235..61c4407 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9861,7 +9861,7 @@
key_file=data_files/cli2.key" \
0 \
-c "got no certificate request" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
@@ -9871,13 +9871,13 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \
+run_test "TLS 1.3: No client authentication, client has certificate - gnutls" \
"$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
-c "got no certificate request" \
- -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"