wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3929 from hicksjacobp/tls13-cbclientcert

Browse Source 
fix: call CBClientCert for TLS 1.3 certificate requests
This commit is contained in:
Sean Parkinson
2021-04-12 09:25:22 +10:00
committed by GitHub
parent 04cc48b810 0ea9163253
commit 0197e133b1
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/tls13.c
View File

@@ -5034,6 +5034,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
byte certReqCtxLen = 0; byte certReqCtxLen = 0;
byte* certReqCtx = NULL; byte* certReqCtx = NULL;
#ifdef OPENSSL_EXTRA
WOLFSSL_X509* x509 = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
#endif
WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
WOLFSSL_ENTER("SendTls13Certificate"); WOLFSSL_ENTER("SendTls13Certificate");
@@ -5044,6 +5049,22 @@ static int SendTls13Certificate(WOLFSSL* ssl)
} }
#endif #endif
#ifdef OPENSSL_EXTRA
/* call client cert callback if no cert has been loaded */
if ((ssl->ctx->CBClientCert != NULL) &&
(!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)) {
ret = ssl->ctx->CBClientCert(ssl, &x509, &pkey);
if (ret == 1) {
if ((wolfSSL_CTX_use_certificate(ssl->ctx, x509) == WOLFSSL_SUCCESS) &&
(wolfSSL_CTX_use_PrivateKey(ssl->ctx, pkey) == WOLFSSL_SUCCESS)) {
ssl->options.sendVerify = SEND_CERT;
}
wolfSSL_X509_free(x509);
wolfSSL_EVP_PKEY_free(pkey);
}
}
#endif
if (ssl->options.sendVerify == SEND_BLANK_CERT) { if (ssl->options.sendVerify == SEND_BLANK_CERT) {
certSz = 0; certSz = 0;
certChainSz = 0; certChainSz = 0;