ssl: Fix alert handling (TLS 1.3)

Server and client use different secrets when sending certificate related
alerts. This is due to a change to the TLS protocol where clients send
their 'certificate' message after they have received the server's 'finished'
message.

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index 358e9f8f77..c6982bb928 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -302,7 +302,13 @@ server_require_peer_cert_fail(Config) when is_list(Config) ->
 					      {from, self()},
 					      {options, [{active, Active} | BadClientOpts]}]),
 
-    ssl_test_lib:check_server_alert(Server, Client, handshake_failure).
+    Version = proplists:get_value(version,Config),
+    case Version of
+        'tlsv1.3' ->
+            ssl_test_lib:check_server_alert(Server, Client, certificate_required);
+        _ ->
+            ssl_test_lib:check_server_alert(Server, Client, handshake_failure)
+    end.
 
 %%--------------------------------------------------------------------
 server_require_peer_cert_empty_ok() ->
@@ -855,6 +861,7 @@ invalid_signature_server(Config) when is_list(Config) ->
 					      {from, self()},
 					      {options, [{verify, verify_peer} | ClientOpts]}]),
     ssl_test_lib:check_server_alert(Server, Client, unknown_ca).
+
 %%--------------------------------------------------------------------
 
 invalid_signature_client() ->