From 0d1ed9efc7b1cd266406076fbcc804c5535d5095 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 3 Jun 2020 12:48:31 +1000
Subject: [PATCH] TLS 1.3: Never send CertiifcateRequest when PSK

Server must not send a CertificateRequest when authenticating with a
PSK.
Increase the max size of the signature algorithms as ED448 has been
added.
---
 src/tls13.c        | 2 ++
 wolfssl/internal.h | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tls13.c b/src/tls13.c
index 9b9b1d1b9..0227b864b 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3711,6 +3711,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
             /* Default to ciphersuite if cb doesn't specify. */
             ssl->options.resuming = 0;
+            /* Don't send certificate request when using PSK. */
+            ssl->options.verifyPeer = 0;
 
             /* PSK age is always zero. */
             if (current->ticketAge != ssl->session.ticketAdd)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 75586e475..a66dfc58e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1515,7 +1515,7 @@ enum Misc {
 
 /* number of items in the signature algo list */
 #ifndef WOLFSSL_MAX_SIGALGO
-    #define WOLFSSL_MAX_SIGALGO 32
+    #define WOLFSSL_MAX_SIGALGO 36
 #endif