Merge pull request #5874 from JacobBarthelmeh/tls13

adjust post auth support with TLS 1.3
2022-12-13 09:39:31 +10:00
parent d0c9ec6681 389cf6ed0a
commit a7a6d5b297
1 changed files with 8 additions and 1 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -8695,7 +8695,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        }
        else
 #endif
-        if (!ssl->options.havePeerCert || !ssl->options.havePeerVerify) {
+        if (
+        #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+            !ssl->options.verifyPostHandshake &&
+        #endif
+            (!ssl->options.havePeerCert || !ssl->options.havePeerVerify)) {
            ret = NO_PEER_CERT; /* NO_PEER_VERIFY */
            WOLFSSL_MSG("TLS v1.3 client did not present peer cert");
            DoCertFatalAlert(ssl, ret);
@@ -10220,6 +10224,9 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
                 * no certificate available.
                 */
                if (ssl->options.verifyPeer &&
+                #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+                    !ssl->options.verifyPostHandshake &&
+                #endif
                                           !ssl->msgsReceived.got_certificate) {
                    WOLFSSL_MSG("Finished received out of order - "
                                "missing Certificate message");