From c27a9074c4f5323c0d675760dcc499a169e51ee1 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Tue, 27 Sep 2022 10:02:42 +0200
Subject: [PATCH] tls13: server: Add comment when trying another sig alg

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/ssl_tls13_generic.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 858fe0316..2fe382b2b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1021,6 +1021,12 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
              MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
                                     mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
              MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
+
+             /* The signature failed. This is possible if the private key
+              * was not suitable for the signature operation as purposely we
+              * did not check its suitability completely. Let's try with
+              * another signature algorithm.
+              */
              continue;
         }