diff --git a/examples/client/client.c b/examples/client/client.c index 6c8cf5013..ab4f7ae5c 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -831,8 +831,8 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz, const char* str) } } -static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, - const char* str) +static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, + const char* str, int exitWithRet) { int ret, err; char buffer[WOLFSSL_MAX_ERROR_SZ]; @@ -853,7 +853,12 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, if (err != WOLFSSL_ERROR_WANT_READ) { printf("SSL_read reply error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); - err_sys("SSL_read failed"); + if (!exitWithRet) { + err_sys("SSL_read failed"); + } + else { + break; + } } } @@ -874,6 +879,8 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, reply[ret] = 0; printf("%s%s\n", str, reply); } + + return err; } @@ -3095,14 +3102,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientWrite(ssl, msg, msgSz, ""); - ClientRead(ssl, reply, sizeof(reply)-1, 1, ""); + err = ClientRead(ssl, reply, sizeof(reply)-1, 1, "", exitWithRet); + if (exitWithRet && (err != 0)) { + ((func_args*)args)->return_code = err; + goto exit; + } #if defined(WOLFSSL_TLS13) if (updateKeysIVs || postHandAuth) ClientWrite(ssl, msg, msgSz, ""); #endif if (sendGET) { /* get html */ - ClientRead(ssl, reply, sizeof(reply)-1, 0, ""); + (void)ClientRead(ssl, reply, sizeof(reply)-1, 0, "", 0); } #ifndef NO_SESSION_CACHE @@ -3353,8 +3364,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientWrite(sslResume, resumeMsg, resumeSz, " resume"); - ClientRead(sslResume, reply, sizeof(reply)-1, sendGET, - "Server resume: "); + (void)ClientRead(sslResume, reply, sizeof(reply)-1, sendGET, + "Server resume: ", 0); /* try to send session break */ ClientWrite(sslResume, msg, msgSz, " resume 2"); 
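Review bot: ClientRead now ends in `return err;`, but nothing on the function says what that value means or what `exitWithRet` changes. `err` is assigned outside the visible hunks, presumably from wolfSSL_get_error(), so a caller cannot tell from here whether a non-zero return can also be WOLFSSL_ERROR_WANT_READ when `mustRead` is 0. A header comment would settle it, for example `/* Returns 0 when the read succeeded, otherwise the wolfSSL error code. With exitWithRet == 0 a fatal read error ends the program through err_sys() instead of returning. */`. The loop that contains the new `break` starts and ends outside the hunk.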
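Review bot: The new early exit in client_test (`goto exit;` after the first ClientRead) jumps away while `ssl` is still allocated and the connection is still open. The `exit` label is outside the hunk, so this is only a leak if that label does not release them; if it does not, every expected-failure run leaves the session, the context and the socket behind. Freeing before the jump makes the path self-contained, for example `wolfSSL_free(ssl); ssl = NULL;` followed by closing the socket and calling wolfSSL_CTX_free() on the context that client_test holds. The same block stores the raw wolfSSL error code in `return_code`, which is worth a short comment so test scripts know what a non-zero value means.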
diff --git a/src/internal.c b/src/internal.c index fbdbb13a0..0aaee32a1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10663,7 +10663,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->count = args->totalCerts; args->certIdx = 0; /* select peer cert (first one) */ - if (args->count == 0 && ssl->options.mutualAuth && + if (args->count == 0 && (ssl->options.mutualAuth || + (ssl->options.failNoCert && IsAtLeastTLSv1_3(ssl->version))) && ssl->options.side == WOLFSSL_SERVER_END) { ret = NO_PEER_CERT; DoCertFatalAlert(ssl, ret); diff --git a/tests/test-fails.conf b/tests/test-fails.conf index d8ea91fd4..d1dd44417 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -177,3 +177,14 @@ # client send alert on no mutual authentication -v 3 -x + +# server TLSv1.3 fail on no client certificate +# server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 no client certificate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-x + diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index c75b27fe1..3f87cc091 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -135,15 +135,6 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -# client TLSv1.3 no client certificate --v 4 --l TLS13-AES128-GCM-SHA256 --x - -# server TLSv1.3 --v 4 --l TLS13-AES128-GCM-SHA256 - # client TLSv1.3 DH key exchange -v 4 -l TLS13-AES128-GCM-SHA256
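Review bot: The added `failNoCert` test sits behind `args->count == 0`, so it only fires when a Certificate message with an empty list is being parsed. It is worth confirming that a TLS 1.3 handshake in which the client sends no Certificate message at all is also rejected when `failNoCert` is set, because that path is not in this hunk. The reason for gating on `IsAtLeastTLSv1_3(ssl->version)` is not stated either; presumably earlier versions enforce `failNoCert` elsewhere. A comment above the condition would record it, e.g. `/* TLS 1.3: an empty certificate list must fail here when failNoCert is set; earlier versions are checked in <other handler> */`. ProcessPeerCerts starts and ends outside the hunk.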
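Review bot: With the TLS 1.3 "no client certificate" pair moved into tests/test-fails.conf as an expected failure, nothing visible in this patch still covers the permitted case that the new comment mentions, a server started with `-d`. Adding a pair to tests/test-tls13.conf with the server on `-v 4`, `-l TLS13-AES128-GCM-SHA256`, `-d` and the client on `-x` would show that the stricter check does not reject clients when certificate checking is deliberately off. If such a pair already exists elsewhere in that file, a pointer to it in the comment here would be enough.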