feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

server: request cert only once if doing post-handshake auth

Browse Source
This commit is contained in:
Marco Oliverio
2022-05-20 10:00:28 +02:00
committed by David Garske
parent ca05ad2dc0
commit c1dc90d9b0
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
examples/server/server.c
View File

@@ -2789,10 +2789,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (postHandAuth) { if (postHandAuth) {
unsigned int verify_flags = 0; unsigned int verify_flags = 0;
SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
#ifdef TEST_BEFORE_DATE #ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif #endif
@@ -3337,9 +3333,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (updateKeysIVs) if (updateKeysIVs)
wolfSSL_update_keys(ssl); wolfSSL_update_keys(ssl);
#endif #endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth) {
SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER |
((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK :
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0);
wolfSSL_request_certificate(ssl); wolfSSL_request_certificate(ssl);
}
#endif
#endif #endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (sendTicket) { if (sendTicket) {