From 76a35f2a77d7881ffb935e297aa5851ab930d01f Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 20 Jul 2020 09:12:43 +1000
Subject: [PATCH] TLS 1.3: Client with no certificate an error with define WOLFSSL_NO_CLIENT_CERT_ERROR
---
 src/internal.c | 3 +++
 src/tls13.c | 6 ++++++
 wolfssl/error-ssl.h | 1 +
 3 files changed, 10 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 58b3d39ad..5c8ab15c8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -18404,6 +18404,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 case DTLS_SIZE_ERROR:
 return "DTLS trying to send too much in single datagram error";
+ case NO_CERT_ERROR:
+ return "TLS1.3 No Certificate Set Error";
+
 default :
 return "unknown error number";
 }
diff --git a/src/tls13.c b/src/tls13.c
index 7c70d6f3d..755a916d1 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3202,7 +3202,13 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 ssl->options.sendVerify = SEND_CERT;
 }
 else {
+#ifndef WOLFSSL_NO_CLIENT_CERT_ERROR
 ssl->options.sendVerify = SEND_BLANK_CERT;
+#else
+ WOLFSSL_MSG("Certificate required but none set on client");
+ SendAlert(ssl, alert_fatal, illegal_parameter);
+ return NO_CERT_ERROR;
+#endif
 }
 /* This message is always encrypted so add encryption padding. */
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 9478242aa..c6870d96c 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -168,6 +168,7 @@ enum wolfSSL_ErrorCodes {
 SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */
 TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */
 DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
+ NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
 /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
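Review bot: The new reason string `"TLS1.3 No Certificate Set Error"` does not say which side lacked the certificate, and its Title Case breaks with the neighbouring entries, which phrase the condition in lower case ending in "error" (see the DTLS_SIZE_ERROR string just above it). Since the tls13.c hunk in this same patch only raises NO_CERT_ERROR on the client when a CertificateRequest arrives with no certificate loaded, suggest `return "TLS1.3 client certificate requested but none set error";` so a log reader can tell it is a local configuration failure rather than a peer fault. wolfSSL_ERR_reason_error_string starts and ends outside the hunk.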
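Review bot: The fatal alert chosen on the new path, `SendAlert(ssl, alert_fatal, illegal_parameter);`, tells the server its CertificateRequest was malformed, but the failure is entirely local, as the WOLFSSL_MSG text on the line above says; `SendAlert(ssl, alert_fatal, handshake_failure);` (or internal_error) describes the condition honestly to the peer and stops server operators hunting for a protocol bug that is not there. RFC 8446 section 4.4.2 requires a client with no suitable certificate to send an empty Certificate message, so this build option deliberately opts out of the mandated behaviour, and the macro name WOLFSSL_NO_CLIENT_CERT_ERROR reads as "no error for client certs", the opposite of what it enables. A comment on the `#else` branch such as `/* WOLFSSL_NO_CLIENT_CERT_ERROR: abort with a fatal alert when a CertificateRequest arrives and no client cert is loaded, instead of the RFC 8446 default of sending an empty Certificate */` would prevent the option being enabled by mistake. The return value of SendAlert is dropped, which appears to match surrounding wolfSSL style, so I would not block on it. DoTls13CertificateRequest starts and ends outside the hunk.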