tls-server: Terminate connection if peer certificate is required but not sent
This change mainly affects legacy TLS versions, because a TLS 1.3 connection is already terminated by the server when the peer sends an empty Certificate message without a following CertificateVerify message.
This commit is contained in:
parent
4bba89fff3
commit
dc49d457a2
|
@ -708,6 +708,12 @@ static status_t process_certificate(private_tls_server_t *this,
|
|||
return NEED_MORE;
|
||||
}
|
||||
certs = bio_reader_create(data);
|
||||
if (!certs->remaining(certs))
|
||||
{
|
||||
DBG1(DBG_TLS, "no certificate sent by peer");
|
||||
this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR);
|
||||
return NEED_MORE;
|
||||
}
|
||||
while (certs->remaining(certs))
|
||||
{
|
||||
if (!certs->read_data24(certs, &data))
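Review bot: The new early return in the empty-list branch, `return NEED_MORE;`, leaves the `certs` reader created by `bio_reader_create(data)` on the line above unreleased; unless that constructor does not allocate, every empty Certificate message now leaks a reader, so add `certs->destroy(certs);` immediately before that return. Separately, an empty certificate list is a well-formed message, so decode_error is not the fitting alert: RFC 5246 §7.4.6 specifies handshake_failure for a client that sends no certificate (RFC 8446 §4.4.2.4 uses certificate_required for TLS 1.3), and `this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);` would report the condition more accurately if that alert value exists in this code base. The loop's own error path and the function's normal exit are outside the hunk, so whether they already destroy certs cannot be seen here; process_certificate starts and ends outside the hunk.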
|
||||
|
|