authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-27 14:19:02 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-07-02 08:39:50 +0000
commit32fe53b2d71a396ddf3cdc245bb6a99c04366921 (patch)
treeccc30bed0a969d0f737414ca4a0b246b3ccd705b /lib/tls13/certificate_request.c
parent93cc44b19242819a32b29a381d220e96a3c0fc41 (diff)
tls13 handshake: allow certificate messages after handshake
This allows post-handshake authentication even when PSK is negotiated. Resolves #489 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls13/certificate_request.c')
-rw-r--r--lib/tls13/certificate_request.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 09fb56d0bd..a7ec0e2fd9 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -192,7 +192,8 @@ int _gnutls13_recv_certificate_request(gnutls_session_t session)
int ret;
gnutls_buffer_st buf;
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
if (unlikely(session->security_parameters.entity != GNUTLS_CLIENT))
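Review bot: The new two-part condition mixes `&&` with an unparenthesised `&` and has no comment explaining why the PSK early return now applies only before the initial handshake completes. Precedence gives the intended grouping, but writing the flag test as `(session->internals.hsk_flags & HSK_PSK_SELECTED))` makes that explicit for the next reader. A one-line comment above it, such as `/* with PSK, skip CertificateRequest only during the initial handshake; post-handshake auth is still permitted */`, would record the intent. The identical condition is added to _gnutls13_send_certificate_request in the next hunk, so both points apply there too. The function body continues outside the hunk.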
@@ -254,7 +255,8 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
if (again == 0) {
unsigned char rnd[12];
- if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+ if (!session->internals.initial_negotiation_completed &&
+ session->internals.hsk_flags & HSK_PSK_SELECTED)
return 0;
if (session->internals.send_cert_req == 0)
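Review bot: Once the handshake has completed, this path no longer stops on a PSK session, so whether a CertificateRequest may be sent depends on checks that are not visible in the hunk; only `send_cert_req` is shown. RFC 8446 allows a post-handshake request only when the client offered the post_handshake_auth extension, so it is worth confirming that a caller enforces this and saying so in a comment above the new condition, e.g. `/* post-handshake: caller has verified the peer offered post_handshake_auth */`. The receive side in the previous hunk has the mirror requirement, since a client that did not offer the extension must reject the message. The enclosing `if (again == 0)` block continues past the end of the hunk.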