author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-27 14:19:02 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-02 08:39:50 +0000 |
commit | 32fe53b2d71a396ddf3cdc245bb6a99c04366921 (patch) | |
tree | ccc30bed0a969d0f737414ca4a0b246b3ccd705b /lib/tls13/certificate_request.c | |
parent | 93cc44b19242819a32b29a381d220e96a3c0fc41 (diff) | |
download | gnutls-32fe53b2d71a396ddf3cdc245bb6a99c04366921.tar.gz |
tls13 handshake: allow certificate messages after handshake
This allows post-handshake authentication even when PSK
is negotiated.
Resolves #489
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls13/certificate_request.c')
-rw-r--r-- | lib/tls13/certificate_request.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 09fb56d0bd..a7ec0e2fd9 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -192,7 +192,8 @@ int _gnutls13_recv_certificate_request(gnutls_session_t session)
 int ret;
 gnutls_buffer_st buf;
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
 return 0;
 if (unlikely(session->security_parameters.entity != GNUTLS_CLIENT))
@@ -254,7 +255,8 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
 if (again == 0) {
 unsigned char rnd[12];
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
 return 0;
 if (session->internals.send_cert_req == 0) |
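Review bot: With the guard relaxed in `_gnutls13_recv_certificate_request`, a client on a PSK session now goes on to process a CertificateRequest once `initial_negotiation_completed` is set, and nothing visible in this hunk confirms that the client offered the post_handshake_auth extension, which RFC 8446 makes a precondition for accepting that message. The check may well sit in the caller or further down, since the function body continues outside the hunk; if so, a comment at the guard such as `/* PSK handshakes carry no CertificateRequest; after the handshake it is only valid as post-handshake auth */` would make the dependency explicit. The same condition is repeated in `_gnutls13_send_certificate_request` in the second hunk, where the server-side counterpart of that precondition applies. Parenthesising the mask test, `(session->internals.hsk_flags & HSK_PSK_SELECTED)`, would also make the mixed `&&`/`&` expression easier to read at both sites.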