server: request cert only once if doing post-handshake auth

2022-05-20 10:00:28 +02:00
parent ca05ad2dc0
commit c1dc90d9b0
1 changed files with 12 additions and 6 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -2789,10 +2789,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
        if (postHandAuth) {
            unsigned int verify_flags = 0;

-            SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
-                                ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
-                                WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
-
        #ifdef TEST_BEFORE_DATE
            verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
        #endif
@ -3337,9 +3333,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
            if (updateKeysIVs)
                wolfSSL_update_keys(ssl);
 #endif
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-            if (postHandAuth)
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+    #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+            if (postHandAuth) {
+
+                SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
+                               ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
+                                WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
+
                wolfSSL_request_certificate(ssl);
+            }
+
+    #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
            if (sendTicket) {