wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-04 08:05:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

TLS 1.2 message order check: certificate before CKE

Browse Source 
Make sure we received a Certificate message before the ClientKeyExchange
when a certificate is requested. (Certificate message will be empty when
client has no valid certificate.)
This commit is contained in:
Sean Parkinson
2026-01-28 10:00:44 +10:00
parent f7b5f00973
commit 5b6f86bc8e
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@@ -18066,6 +18066,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
return OUT_OF_ORDER_E; return OUT_OF_ORDER_E;
} }
if (!ssl->options.resuming && ssl->options.verifyPeer &&
!ssl->options.usingPSK_cipher &&
!ssl->options.usingAnon_cipher &&
!ssl->msgsReceived.got_certificate) {
return OUT_OF_ORDER_E;
}
if (ssl->msgsReceived.got_certificate_verify|| if (ssl->msgsReceived.got_certificate_verify||
ssl->msgsReceived.got_change_cipher || ssl->msgsReceived.got_change_cipher ||
ssl->msgsReceived.got_finished) { ssl->msgsReceived.got_finished) {