use HandshakeFailure by default in verification

Verification error is not always raised by bad certificate, especially
in user provided verifier. For example, they may raise HSM connection
error or dynamic certificate resolve error.

All of them is not about bad certificate. So send BadCertificateAlert is
not appropriate.

bogo/config.json

@@ -380,8 +380,10 @@
   },
   "TestLocalErrorMap": {
     "SendServerHelloAsHelloRetryRequest": "remote error: error decoding message",
-    "GarbageCertificate-Server-TLS12": "remote error: access denied",
-    "GarbageCertificate-Server-TLS13": "remote error: access denied",
+    "GarbageCertificate-Server-TLS12": "remote error: bad certificate",
+    "GarbageCertificate-Server-TLS13": "remote error: bad certificate",
+    "GarbageCertificate-Client-TLS12": "remote error: bad certificate",
+    "GarbageCertificate-Client-TLS13": "remote error: bad certificate",
     "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": "tls: no common signature algorithms",
     "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": "tls: no common signature algorithms",
     "Downgrade-TLS10-Client": "tls: no cipher suite supported by both client and server",

rustls/src/client/tls12.rs

@@ -740,7 +740,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
                 &st.server_cert.ocsp_response,
                 now,
             )
-            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_verify_error_alert(cx.common, err))?;
 
         // 3.
         // Build up the contents of the signed message.
@@ -766,7 +766,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
             st.config
                 .verifier
                 .verify_tls12_signature(&message, &st.server_cert.cert_chain[0], sig)
-                .map_err(|err| conn::send_cert_error_alert(cx.common, err))?
+                .map_err(|err| conn::send_cert_verify_error_alert(cx.common, err))?
         };
         cx.common.peer_certificates = Some(st.server_cert.cert_chain);
 

rustls/src/client/tls13.rs

@@ -669,7 +669,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
                 &self.server_cert.ocsp_response,
                 now,
             )
-            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_verify_error_alert(cx.common, err))?;
 
         // 2. Verify their signature on the handshake.
         let handshake_hash = self.transcript.get_current_hash();
@@ -681,7 +681,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
                 &self.server_cert.cert_chain[0],
                 cert_verify,
             )
-            .map_err(|err| conn::send_cert_error_alert(cx.common, err))?;
+            .map_err(|err| conn::send_cert_verify_error_alert(cx.common, err))?;
 
         cx.common.peer_certificates = Some(self.server_cert.cert_chain);
         self.transcript.add_message(&m);

rustls/src/conn.rs

@@ -1433,16 +1433,19 @@ pub trait SideData {}
 const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024;
 const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024;
 
-pub(crate) fn send_cert_error_alert(common: &mut CommonState, err: Error) -> Error {
+pub(crate) fn send_cert_verify_error_alert(common: &mut CommonState, err: Error) -> Error {
     match err {
         Error::InvalidCertificate(CertificateError::BadEncoding) => {
             common.send_fatal_alert(AlertDescription::DecodeError);
         }
+        Error::InvalidCertificate(_) => {
+            common.send_fatal_alert(AlertDescription::BadCertificate);
+        }
         Error::PeerMisbehaved(_) => {
             common.send_fatal_alert(AlertDescription::IllegalParameter);
         }
         _ => {
-            common.send_fatal_alert(AlertDescription::BadCertificate);
+            common.send_fatal_alert(AlertDescription::HandshakeFailure);
         }
     };
 

rustls/tests/server_cert_verifier.rs

@@ -58,7 +58,7 @@ fn client_can_override_certificate_verification_and_reject_certificate() {
                     ErrorFromPeer::Client(Error::InvalidMessage(
                         InvalidMessage::HandshakePayloadTooLarge,
                     )),
-                    ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::BadCertificate)),
+                    ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::HandshakeFailure)),
                 ]),
             );
         }
@@ -89,7 +89,7 @@ fn client_can_override_certificate_verification_and_reject_tls12_signatures() {
                 ErrorFromPeer::Client(Error::InvalidMessage(
                     InvalidMessage::HandshakePayloadTooLarge,
                 )),
-                ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::BadCertificate)),
+                ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::HandshakeFailure)),
             ]),
         );
     }
@@ -118,7 +118,7 @@ fn client_can_override_certificate_verification_and_reject_tls13_signatures() {
                 ErrorFromPeer::Client(Error::InvalidMessage(
                     InvalidMessage::HandshakePayloadTooLarge,
                 )),
-                ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::BadCertificate)),
+                ErrorFromPeer::Server(Error::AlertReceived(AlertDescription::HandshakeFailure)),
             ]),
         );
     }