From ccf5fc624c26da6d74c37ba18834beadc35e2bad Mon Sep 17 00:00:00 2001
From: beck
Date: Tue, 9 Jul 2024 13:43:57 +0000
Subject: [PATCH] Don't push the error stack in ssl_sigalg_select()

Doing so breaks certificate selection if a TLS 1.3 client does not support EC certs, and needs to fall back to RSA.

ok tb@
---
 lib/libssl/ssl_sigalgs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index 9876e82a6f9..18d71f6b958 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */
 /*
 * Copyright (c) 2018-2020 Bob Beck
 * Copyright (c) 2021 Joel Sing
@@ -337,7 +337,6 @@ ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
 return sigalg;
 }
- SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
 return NULL;
 }
-- 
2.20.1