From 88e049e005ac33a5ac9a3346e3eb83733f7290a4 Mon Sep 17 00:00:00 2001
From: gstarovo
Date: Wed, 30 Oct 2024 14:18:33 +0100
Subject: [PATCH] fix: alert illegal_extension is added due to rfc, when uncompressed format is not found; alert decode_error is added when the list of ecc extenison is empty
---
 tlslite/tlsconnection.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
index ac108da1..6e34e060 100644
--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -4409,6 +4409,23 @@ def _serverCertKeyExchange(self, clientHello, serverHello, sigHashAlg,
 AlertDescription.insufficient_security,
 str(alert)):
 yield result
+ except DecodeError as alert:
+ for result in self._sendError(
+ AlertDescription.illegal_parameter,
+ str(alert)):
+ yield result
+ except TLSIllegalParameterException as alert:
+ alert = Alert().create(AlertDescription.illegal_parameter,
+ AlertLevel.fatal)
+ for result in self._sendMsg(alert):
+ yield result
+ raise
+ except TLSDecodeError as alert:
+ alert = Alert().create(AlertDescription.decode_error,
+ AlertLevel.fatal)
+ for result in self._sendMsg(alert):
+ yield result
+ raise
 if serverKeyExchange is not None:
 msgs.append(serverKeyExchange)
 if reqCert:
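Review bot: The new `TLSIllegalParameterException` and `TLSDecodeError` handlers send the fatal alert with `_sendMsg` and then re-raise, whereas the new `DecodeError` handler just above them (and, it appears, the existing `insufficient_security` one) goes through `_sendError`. If `_sendError` also closes the connection or invalidates the session, which this hunk does not show, that cleanup is skipped on these two paths and the caller receives a different exception type after a fatal alert. Rebinding `alert` to the `Alert` message also discards the exception text, so unless the re-raise is deliberate I would write both bodies as `for result in self._sendError(AlertDescription.decode_error, str(alert)): yield result`, with `illegal_parameter` in the first. Separately, `DecodeError` is mapped to `illegal_parameter` while `TLSDecodeError` is mapped to `decode_error`, which looks inconsistent with the commit subject, and `DecodeError` must already be imported in this module for the clause to work. `_serverCertKeyExchange` starts and ends outside the hunk.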