tls13: server: Add comment when trying another sig alg Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: c27a9074c4f5323c0d675760dcc499a169e51ee1 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Tue Sep 27 10:02:42 2022 +0200
committer: Ronald Cron <ronald.cron@arm.com> Tue Sep 27 10:07:55 2022 +0200
tree: a5ffd1c304eb1e46aa18e490e5baafcdc0ad4126
parent: b72dac4ed745af24eb7ff4e6408f5f629f5ec796 [diff] [blame]
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 858fe03..2fe382b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1021,6 +1021,12 @@
              MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
                                     mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
              MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
+
+             /* The signature failed. This is possible if the private key
+              * was not suitable for the signature operation as purposely we
+              * did not check its suitability completely. Let's try with
+              * another signature algorithm.
+              */
              continue;
         }
commit	c27a9074c4f5323c0d675760dcc499a169e51ee1	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Tue Sep 27 10:02:42 2022 +0200
committer	Ronald Cron <ronald.cron@arm.com>	Tue Sep 27 10:07:55 2022 +0200
tree	a5ffd1c304eb1e46aa18e490e5baafcdc0ad4126
parent	b72dac4ed745af24eb7ff4e6408f5f629f5ec796 [diff] [blame]