From 8650699b1869f80bbf61c9ae64c0b11e1c531cac Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 9 Jul 2024 13:43:57 +0000
Subject: Don't push the error stack in ssl_sigalg_select()
Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA.
ok tb@
---
 src/lib/libssl/ssl_sigalgs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index 9876e82a6f..18d71f6b95 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck
 * Copyright (c) 2021 Joel Sing
@@ -337,7 +337,6 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 return sigalg;
 }
- SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 return NULL;
 }
-- 
cgit v1.2.3-55-g6feb