handshake: remove unnecessary HSK_CRT_SENT flag

Previously, while the flag HSK_CRT_SENT was checked in
_gnutls13_send_certificate_verify, the flag was never set anywhere.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

2 files changed, 5 insertions, 6 deletions

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index f5c89c18cf..72d6c066b6 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1320,7 +1320,6 @@ typedef struct {
 #define HSK_PSK_KE_MODES_RECEIVED (HSK_PSK_KE_MODE_PSK|HSK_PSK_KE_MODE_DHE_PSK|HSK_PSK_KE_MODE_INVALID)
 
 #define HSK_CRT_VRFY_EXPECTED 1
-#define HSK_CRT_SENT (1<<1)
 #define HSK_CRT_ASKED (1<<2)
 #define HSK_HRR_SENT (1<<3)
 #define HSK_HRR_RECEIVED (1<<4)
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index 72b4488115..55245f2efd 100644
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -179,11 +179,11 @@ int _gnutls13_send_certificate_verify(gnutls_session_t session, unsigned again)
 			if (server) {
 				return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
 			} else {
-				/* if we didn't get a cert request there will not be any */
-				if (!(session->internals.hsk_flags & HSK_CRT_SENT))
-					return 0;
-				else
-					return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+				/* for client, this means either we
+				 * didn't get a cert request or we are
+				 * declining authentication; in either
+				 * case we don't send a cert verify */
+				return 0;
 			}
 		}