diff options
-rw-r--r-- | lib/tls13/certificate.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c index 4059db38de..a9e7c312b5 100644 --- a/lib/tls13/certificate.c +++ b/lib/tls13/certificate.c @@ -60,7 +60,11 @@ int _gnutls13_recv_certificate(gnutls_session_t session) if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) { /* check if we received compressed certificate */ err = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, 0, &buf); - if (err >= 0 && (session->internals.hsk_flags & HSK_COMP_CRT_REQ_SENT)) { + if (err >= 0) { + /* fail if we receive unsolicited compressed certificate */ + if (!(session->internals.hsk_flags & HSK_COMP_CRT_REQ_SENT)) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET); + decompress_cert = 1; ret = err; } |