tls13: alert illegal_parameter for ctx

Jeremiah Mackey
2026-05-07 16:53:20 +00:00
parent b023a719b1
commit a5ee9604c7
+7 -2
@@ -6089,8 +6089,13 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
len = input[(*inOutIdx)++];
if ((*inOutIdx - begin) + len > size)
return BUFFER_ERROR;
if (ssl->options.connectState < FINISHED_DONE && len > 0)
return BUFFER_ERROR;
/* INVALID_PARAMETER does not map to illegal_parameter in the central
* alert path, so emit the alert explicitly before returning. */
if (ssl->options.connectState < FINISHED_DONE && len > 0) {
SendAlert(ssl, alert_fatal, illegal_parameter);
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
return INVALID_PARAMETER;
}
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
/* Remember the request context bytes; the CertReqCtx allocation and