From c1dc90d9b0096ced4b1af07b81d1ad62e6a822b2 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Fri, 20 May 2022 10:00:28 +0200
Subject: [PATCH] server: request cert only once if doing post-handshake auth
---
 examples/server/server.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/examples/server/server.c b/examples/server/server.c
index 3e92e9d9d..9c7bcd155 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2789,10 +2789,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (postHandAuth) {
 unsigned int verify_flags = 0;
- SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
- ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
- WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
-
 #ifdef TEST_BEFORE_DATE
 verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
 #endif
@@ -3337,9 +3333,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (updateKeysIVs)
 wolfSSL_update_keys(ssl);
 #endif
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
- if (postHandAuth)
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+ if (postHandAuth) {
+
+ SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
+ ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
+ WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
+
 wolfSSL_request_certificate(ssl);
+ }
+
+ #endif
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
 if (sendTicket) {
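Review bot: The return value of `wolfSSL_request_certificate(ssl)` is discarded in the second hunk, so if the post-handshake certificate request cannot be issued, the example continues to the session-ticket code as though client authentication had been requested. This now appears to be the only point where the server asks for the client certificate, so the result should be checked, e.g. `if (wolfSSL_request_certificate(ssl) != WOLFSSL_SUCCESS)` followed by the file's usual error exit. A short comment above `SSL_set_verify` would also help, saying that the verify mode is raised here, after the handshake, so the certificate is requested only once; a trailing comment on the new inner `#endif` naming its condition would help too. `server_test` begins and ends outside the hunk.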