From ac63f756e81606d450586281c14ce0c8cd70790c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 24 Jan 2022 13:51:48 +0000
Subject: In ssl3_get_server_key_exchange() switch a 'goto err' to 'goto
 fatal_err' so that the illegal_parameter alert is actually sent in case of
 X509_get0_pubkey() failure.

ok inoguchi jsing
---
 src/lib/libssl/ssl_clnt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 61c1d71c8e..7e4ef44b9c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.137 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.138 2022/01/24 13:51:48 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1378,7 +1378,7 @@ ssl3_get_server_key_exchange(SSL *s)
 		if (pkey == NULL) {
 			al = SSL_AD_ILLEGAL_PARAMETER;
 			SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-			goto err;
+			goto fatal_err;
 		}
 
 		if (SSL_USE_SIGALGS(s)) {
-- 
cgit v1.2.3-55-g6feb