adjust post auth support with TLS 1.3

2022-12-10 06:49:51 -08:00 · 2022-12-10 06:49:51 -08:00 · 389cf6ed0a
commit 389cf6ed0a
parent 37adf0ff06
1 changed files with 8 additions and 1 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -8487,7 +8487,11 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        }
        else
 #endif
-        if (!ssl->options.havePeerCert || !ssl->options.havePeerVerify) {
+        if (
+        #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+            !ssl->options.verifyPostHandshake &&
+        #endif
+            (!ssl->options.havePeerCert || !ssl->options.havePeerVerify)) {
            ret = NO_PEER_CERT; /* NO_PEER_VERIFY */
            WOLFSSL_MSG("TLS v1.3 client did not present peer cert");
            DoCertFatalAlert(ssl, ret);
@ -9961,6 +9965,9 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
                 * no certificate available.
                 */
                if (ssl->options.verifyPeer &&
+                #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+                    !ssl->options.verifyPostHandshake &&
+                #endif
                                           !ssl->msgsReceived.got_certificate) {
                    WOLFSSL_MSG("Finished received out of order - "
                                "missing Certificate message");