-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/tls13/certificate_verify.c | 10 |
2 files changed, 5 insertions, 6 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index f5c89c18cf..72d6c066b6 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1320,7 +1320,6 @@ typedef struct {
 #define HSK_PSK_KE_MODES_RECEIVED (HSK_PSK_KE_MODE_PSK|HSK_PSK_KE_MODE_DHE_PSK|HSK_PSK_KE_MODE_INVALID)
 #define HSK_CRT_VRFY_EXPECTED 1
-#define HSK_CRT_SENT (1<<1)
 #define HSK_CRT_ASKED (1<<2)
 #define HSK_HRR_SENT (1<<3)
 #define HSK_HRR_RECEIVED (1<<4)
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index 72b4488115..55245f2efd 100644
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -179,11 +179,11 @@ int _gnutls13_send_certificate_verify(gnutls_session_t session, unsigned again)
 if (server) {
 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
 } else {
- /* if we didn't get a cert request there will not be any */
- if (!(session->internals.hsk_flags & HSK_CRT_SENT))
- return 0;
- else
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ /* for client, this means either we
+ * didn't get a cert request or we are
+ * declining authentication; in either
+ * case we don't send a cert verify */
+ return 0;
 }
 } |
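Review bot: The unconditional `return 0;` in the client branch removes the only guard against skipping CertificateVerify after a non-empty Certificate has already been sent, a state RFC 8446 section 4.4.3 does not allow and which the peer would see as a protocol error rather than a local failure. Because the commit deletes `HSK_CRT_SENT` without touching any code that sets it, the old check was presumably never live, so behaviour likely does not change, but the invariant is now only implied. I would state it in the new comment, e.g. `/* the Certificate message sent earlier must have been empty here */`, and confirm that the certificate-sending path uses the same credential lookup so the two cannot disagree. The condition guarding this branch and the rest of `_gnutls13_send_certificate_verify` lie outside the hunk.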