diff --git a/tlslite/keyexchange.py b/tlslite/keyexchange.py
index 88789e06..05dc464f 100644
--- a/tlslite/keyexchange.py
+++ b/tlslite/keyexchange.py
@@ -714,8 +714,7 @@ def makeServerKeyExchange(self, sigHash=None):
 ext_s = self.serverHello.getExtension(ExtensionType.ec_point_formats)
 if ext_c:
 if ext_c.formats == []:
- raise TLSIllegalParameterException("Point formats \
- extension is empty.")
+ raise TLSDecodeError("Point formats extension is empty.")
 elif ECPointFormat.uncompressed not in ext_c.formats:
 raise TLSIllegalParameterException(
 "The client does not advertise "
@@ -1110,7 +1109,8 @@ def calc_shared_key(self, private, peer_share,
 :returns: shared key
 :raises TLSIllegalParameterException
- when the paramentrs for point are invalid;
+ when the paramentrs for point are invalid.
+ :raises TLSDecodeError when the the valid_point_formats is empty.
 """
@@ -1135,7 +1135,7 @@ def calc_shared_key(self, private, peer_share,
 except AssertionError:
 raise TLSIllegalParameterException("Invalid ECC point")
 except DecodeError:
- raise TLSIllegalParameterException("Empty point format extension")
+ raise TLSDecodeError("Empty point formats extension")
 if isinstance(private, ecdsa.keys.SigningKey):
 ecdh = ecdsa.ecdh.ECDH(curve=curve, private_key=private)
 ecdh.load_received_public_key_bytes(peer_share,
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index 441b503d..f0b673c8 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -4473,6 +4473,12 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
 for result in self._sendError(alert):
 yield result
 raise
+ except TLSDecodeError as alert:
+ alert = Alert().create(AlertDescription.decode_error,
+ AlertLevel.fatal)
+ for result in self._sendError(alert):
+ yield result
+ raise
 if serverKeyExchange is not None:
 msgs.append(serverKeyExchange)
 if reqCert:
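Review bot: The added docstring line in calc_shared_key (hunk at -1110), `:raises TLSDecodeError when the the valid_point_formats is empty.`, repeats "the" and has no colon after the exception name, so a field-list parser may not treat it as a raises entry. I would write it as `:raises TLSDecodeError: when valid_point_formats is empty.`. The rewritten line above it still carries the "paramentrs" typo and could be corrected to "parameters" in the same edit. The docstring starts and ends outside the hunk, so the surrounding field style is inferred from the two visible lines only.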
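Review bot: Callers of calc_shared_key that handle only TLSIllegalParameterException will no longer catch the empty-point-formats case, because the `except DecodeError:` branch (hunk at -1135) now raises TLSDecodeError. The only matching handler this commit adds is in `_serverCertKeyExchange`, so the other call sites (not visible here) should be checked to confirm the peer still receives a fatal decode_error alert rather than the exception escaping the handshake loop. The branch also labels every DecodeError from the try body as "Empty point formats extension". That try body begins outside the hunk, so if anything else in it can raise DecodeError the message would mislead. A comment such as `# DecodeError here can only come from an empty valid_point_formats list` would pin that assumption down.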
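Review bot: In the new handler in `_serverCertKeyExchange`, `except TLSDecodeError as alert:` binds the exception to `alert` and the next line immediately rebinds that name to the outgoing Alert message, so the caught exception object is never used and one name carries two meanings. `except TLSDecodeError:` without the binding reads more clearly and leaves the bare `raise` unchanged. The block appears to duplicate the preceding handler apart from the AlertDescription value (that handler starts outside the hunk), so a small helper taking the description would stop the two drifting apart. No import change is shown for tlsconnection.py, so it is worth confirming that TLSDecodeError is already in scope there; otherwise evaluating this except clause would raise NameError while another exception is propagating.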