fix: call CBClientCert for TLS 1.3 certificate requests

This commit is contained in:
Jake Hicks
2021-03-29 09:37:53 -05:00
parent c3fcb2e95f
commit 0ea9163253


@@ -5034,6 +5034,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
byte certReqCtxLen = 0;
byte* certReqCtx = NULL;
#ifdef OPENSSL_EXTRA
WOLFSSL_X509* x509 = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
#endif
WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
WOLFSSL_ENTER("SendTls13Certificate");
@@ -5044,6 +5049,22 @@ static int SendTls13Certificate(WOLFSSL* ssl)
}
#endif
#ifdef OPENSSL_EXTRA
/* call client cert callback if no cert has been loaded */
if ((ssl->ctx->CBClientCert != NULL) &&
(!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)) {
ret = ssl->ctx->CBClientCert(ssl, &x509, &pkey);
if (ret == 1) {
if ((wolfSSL_CTX_use_certificate(ssl->ctx, x509) == WOLFSSL_SUCCESS) &&
(wolfSSL_CTX_use_PrivateKey(ssl->ctx, pkey) == WOLFSSL_SUCCESS)) {
ssl->options.sendVerify = SEND_CERT;
}
wolfSSL_X509_free(x509);
wolfSSL_EVP_PKEY_free(pkey);
}
}
#endif
if (ssl->options.sendVerify == SEND_BLANK_CERT) {
certSz = 0;
certChainSz = 0;
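Review bot: The certificate and key returned by the per-connection callback are installed into the shared context with `wolfSSL_CTX_use_certificate(ssl->ctx, x509)` and `wolfSSL_CTX_use_PrivateKey(ssl->ctx, pkey)`, which mutates state visible to every WOLFSSL object created from that ctx, while the guard on the line above keys off the per-connection `ssl->buffers.certificate`; unless the CTX setters also refresh `ssl->buffers.certificate`, the cert loaded here is not the one this function goes on to send. The per-session setters `wolfSSL_use_certificate(ssl, x509)` and `wolfSSL_use_PrivateKey(ssl, pkey)` would keep the callback's result scoped to this connection, and the same concern applies if the TLS 1.2 path this mirrors uses the ctx setters. A return of `ret < 0` from `CBClientCert` is not handled, and on success `ret` is left at 1 rather than 0, which matters if a later `if (ret != 0)` check exists past the hunk; consider `ret = 0;` after the callback block. SendTls13Certificate's body continues outside the hunk.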