From 2a4766198ae7cff73cc4db0ddeb2cecf819887dd Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sun, 30 Jul 2017 08:56:17 +0900
Subject: [PATCH] add SendAlert(ssl, alert_fatal, bad_certificate);
---
 src/internal.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 272c4eb00..27b03d6c7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8421,7 +8421,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 if (!ok) {
 WOLFSSL_MSG("Verify callback overriding valid certificate!");
 ret = -1;
- SendAlert(ssl, alert_fatal, bad_certificate);
 ssl->options.isClosed = 1;
 }
 #ifndef NO_CERTS
@@ -8526,6 +8525,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 else {
 WOLFSSL_MSG("\tNo callback override available, fatal");
+ SendAlert(ssl, alert_fatal, bad_certificate);
 args->fatal = 1;
 }
 }
@@ -8678,6 +8678,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 if (args->fatal) {
 ssl->error = ret;
+ SendAlert(ssl, alert_fatal, bad_certificate);
 #ifdef OPENSSL_EXTRA
 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
 #endif
@@ -23593,7 +23594,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 return ret;
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
-
+ if (ret != 0){
+ SendAlert(ssl, alert_fatal, bad_certificate);
+ }
 /* Digest is not allocated, so do this to prevent free */
 ssl->buffers.digest.buffer = NULL;
 ssl->buffers.digest.length = 0;
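Review bot: The `SendAlert(ssl, alert_fatal, bad_certificate);` added in the second hunk (the "No callback override available, fatal" branch at -8526) looks like a duplicate of the one added in the third hunk, because this branch sets `args->fatal = 1` on the next line and the third hunk sends the same alert under `if (args->fatal)`. If control reaches that block from here (the code between the two hunks is outside the diff, so this is inferred), the peer receives two fatal alerts for one verification failure. I would drop the call in this branch and keep the single one in the `if (args->fatal)` block. ProcessPeerCerts starts and ends outside both hunks.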
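Review bot: The verify-callback rejection path in the first hunk may now close the connection without sending any alert, because the call removed there is only replaced by the one added under `if (args->fatal)` in the third hunk (at -8678). The visible lines of that path set `ret = -1` and `ssl->options.isClosed = 1` but not `args->fatal`, and whether it is set elsewhere lies outside the hunks. If it is not, either add `args->fatal = 1;` to the `if (!ok)` branch or keep the alert there, so a peer whose certificate the application callback rejected still gets `bad_certificate`. The added calls also discard the return value of SendAlert; a short comment such as `/* best effort: handshake already fails with ret */` would make that intent explicit.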
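Review bot: In the last hunk (at -23593, where the hunk header names DoSessionTicket), `if (ret != 0)` sends `bad_certificate` for every non-zero `ret`, which would also cover failures unrelated to the peer certificate, such as allocation or parsing errors, if `ret` can carry them at this point. The values `ret` can hold here are not visible, since the function body starts and ends outside the hunk. Consider narrowing the condition to the certificate or signature failure codes, or choosing the alert description from `ret`, so the peer and the logs are not told the certificate was bad when the cause was local. As a style point, `if (ret != 0){` lacks the space before the brace that the other hunks use, so `if (ret != 0) {` would match.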