Merge pull request #2476 from dgarske/pkcb_tls13

Fix for TLS v1.3 and PK callbacks
2019-09-20 08:10:43 +10:00 · 2019-09-20 08:10:43 +10:00 · dfc00bf057
parent c16b02a265 ae25027135
commit dfc00bf057
1 changed files with 7 additions and 2 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3401,7 +3401,11 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 #endif

    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
-        ssl->buffers.key && ssl->buffers.key->buffer) {
+        ((ssl->buffers.key && ssl->buffers.key->buffer)
+        #ifdef HAVE_PK_CALLBACKS
+            || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)
+        #endif
+    )) {
 #ifndef WOLFSSL_TLS13_DRAFT_18
        if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo,
                                               peerSuites.hashSigAlgoSz) != 0) {
@ -3410,8 +3414,9 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 #endif
        ssl->options.sendVerify = SEND_CERT;
    }
-    else
+    else {
        ssl->options.sendVerify = SEND_BLANK_CERT;
+    }

    /* This message is always encrypted so add encryption padding. */
    *inOutIdx += ssl->keys.padSz;