From b9ba33b0c7f77fc7b3e33c32ded38da7ee4c7c55 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 20 Jan 2020 13:10:37 +0000
Subject: Provide an error framework for use with the TLSv1.3 code.
This is based on the libtls error handling code, but adds machine readable codes and subcodes. We then map these codes back to libssl error codes. ok beck@ inoguchi@
---
 src/lib/libssl/tls13_client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/tls13_client.c')
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 6dcf8c85b6..07b9ede345 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.19 2019/11/17 06:30:12 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.20 2020/01/20 13:10:37 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing
 *
@@ -499,6 +499,8 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx)
 if (ssl_verify_cert_chain(s, certs) <= 0 &&
 s->verify_mode != SSL_VERIFY_NONE) {
 /* XXX send alert */
+ tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
+ "failed to verify peer certificate", NULL);
 goto err;
 }
 ERR_clear_error();
--
cgit v1.2.3-55-g6feb
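Review bot: The added `tls13_set_errorx()` call in the second hunk passes `0` in what appears to be the subcode slot and uses a fixed message, so the reason the peer chain was rejected (expired certificate, untrusted issuer, and so on) is not carried in the new error record. The commit message describes the framework as adding machine-readable codes and subcodes, and certificate verification is the failure where a caller most needs the reason, to tell a stale trust store from an unexpected certificate on the wire. If the X509 verify result is available on `s` once `ssl_verify_cert_chain()` has returned (not visible in this hunk), consider passing it as the subcode and appending its `X509_verify_cert_error_string()` text to the message. Otherwise a comment such as `/* XXX subcode 0: X509 verify reason not propagated */` next to the existing alert TODO would document the gap. The body of `tls13_server_certificate_recv()` starts and ends outside the hunk.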