Merge pull request #3149 from SparkiDev/tls13_no_cli_cert_err

TLS 1.3: Client with no certificate an error with define

src/internal.c

@@ -18404,6 +18404,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DTLS_SIZE_ERROR:
         return "DTLS trying to send too much in single datagram error";
 
+    case NO_CERT_ERROR:
+        return "TLS1.3 No Certificate Set Error";
+
     default :
         return "unknown error number";
     }

src/tls13.c

@@ -3202,7 +3202,13 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
         ssl->options.sendVerify = SEND_CERT;
     }
     else {
+#ifndef WOLFSSL_NO_CLIENT_CERT_ERROR
         ssl->options.sendVerify = SEND_BLANK_CERT;
+#else
+        WOLFSSL_MSG("Certificate required but none set on client");
+        SendAlert(ssl, alert_fatal, illegal_parameter);
+        return NO_CERT_ERROR;
+#endif
     }
 
     /* This message is always encrypted so add encryption padding. */

wolfssl/error-ssl.h

@@ -168,6 +168,7 @@ enum wolfSSL_ErrorCodes {
     SSL_SHUTDOWN_ALREADY_DONE_E  = -437,   /* Shutdown called redundantly */
     TLS13_SECRET_CB_E            = -438,   /* TLS1.3 secret Cb fcn failure */
     DTLS_SIZE_ERROR              = -439,   /* Trying to send too much data */
+    NO_CERT_ERROR                = -440,   /* TLS1.3 - no cert set error */
 
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */