Send a decode error alert if a server provides an empty certificate list.

According to RFC 8446 section 4.4.2.4, a client receiving an empty
certificate list must abort the handshake with a decode error alert.

ok beck@ inoguchi@ tb@ ('it rarely is the alert you'd expect it to be...')

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index d3a68528bc..652953f2bb 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.60 2020/05/16 14:44:55 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.61 2020/05/17 14:26:15 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -597,7 +597,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 
         /* A server must always provide a non-empty certificate list. */
         if (sk_X509_num(certs) < 1) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
+                ctx->alert = TLS13_ALERT_DECODE_ERROR;
                 tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
                     "peer failed to provide a certificate", NULL);
                 goto err;