Add the certificate_required alert. This is part of TLS 1.3 draft 16 but isn't much of a wire format change, so go ahead and add it now. When rolling into Chromium, we'll want to add an entry to the error mapping. Change-Id: I8fd7f461dca83b725a31ae19ef96c890d603ce53 Reviewed-on: https://boringssl-review.googlesource.com/11563 Reviewed-by: David Benjamin <davidben@google.com>

commit: 1db9e1bc7a1b49057fb3e6b621652a322c8c04a4 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Oct 07 20:51:43 2016 -0400
committer: David Benjamin <davidben@google.com> Mon Oct 10 15:48:06 2016 +0000
tree: 51000abca210ba2844bd16012515c525c2fc7247
parent: 5d9ba81b6ca80a7cd738290d744f4372c4e319a1 [diff] [blame]
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 7c2fd17..abadf3a 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -830,7 +830,7 @@
 			// The client didn't actually send a certificate
 			switch config.ClientAuth {
 			case RequireAnyClientCert, RequireAndVerifyClientCert:
-				c.sendAlert(alertBadCertificate)
+				c.sendAlert(alertCertificateRequired)
 				return errors.New("tls: client didn't provide a certificate")
 			}
 		}
commit	1db9e1bc7a1b49057fb3e6b621652a322c8c04a4	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Oct 07 20:51:43 2016 -0400
committer	David Benjamin <davidben@google.com>	Mon Oct 10 15:48:06 2016 +0000
tree	51000abca210ba2844bd16012515c525c2fc7247
parent	5d9ba81b6ca80a7cd738290d744f4372c4e319a1 [diff] [blame]