mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 14:00:48 +02:00
Send correct alert type when server requests certificate and client has none set.
Thanks to Cal Page for the report.
This commit is contained in:
+4
-1
@@ -6156,7 +6156,10 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
|
||||
ssl->options.sendVerify = SEND_BLANK_CERT;
|
||||
#else
|
||||
WOLFSSL_MSG("Certificate required but none set on client");
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
/* RFC 8446 Section 4.4.2.4: send certificate_required when a
|
||||
* peer (here, the client) cannot provide a certificate that the
|
||||
* other peer required. */
|
||||
SendAlert(ssl, alert_fatal, certificate_required);
|
||||
WOLFSSL_ERROR_VERBOSE(NO_CERT_ERROR);
|
||||
return NO_CERT_ERROR;
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user