From f8e674e45d209c01d2cad5f03715997dab74b29a Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 14 Dec 2020 16:53:54 -0800
Subject: [PATCH] PSK Alert When the server cannot match the client's identity,
 the server sends a unknown_psk_identity alert to the client.

---
 src/internal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 9db500b13..5a529ba5b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -29405,6 +29405,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
                         if (ssl->arrays->psk_keySz == 0 ||
                                 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            #ifdef WOLFSSL_EXTRA_ALERTS
+                                SendAlert(ssl, alert_fatal,
+                                        unknown_psk_identity);
+                            #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }
 
@@ -30285,6 +30289,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
                         if (ssl->arrays->psk_keySz == 0 ||
                                 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
+                            #ifdef WOLFSSL_EXTRA_ALERTS
+                                SendAlert(ssl, alert_fatal,
+                                        unknown_psk_identity);
+                            #endif
                             ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
                         }