Merge pull request #3020 from SparkiDev/tls13_psk_cr

TLS 1.3: Never send CertiifcateRequest when PSK
2020-06-04 11:07:22 -07:00
parent c3407e2052 0d1ed9efc7
commit 79465d70f7
2 changed files with 3 additions and 1 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3711,6 +3711,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,

            /* Default to ciphersuite if cb doesn't specify. */
            ssl->options.resuming = 0;
+            /* Don't send certificate request when using PSK. */
+            ssl->options.verifyPeer = 0;

            /* PSK age is always zero. */
            if (current->ticketAge != ssl->session.ticketAdd)
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1515,7 +1515,7 @@ enum Misc {

 /* number of items in the signature algo list */
 #ifndef WOLFSSL_MAX_SIGALGO
-    #define WOLFSSL_MAX_SIGALGO 32
+    #define WOLFSSL_MAX_SIGALGO 36
 #endif