Drop back to the legacy tls method if we are doing client authenticaiton

from a tls 1.3 connection, for now. ok jsing@
author: beck <> 2019-11-17 00:16:58 +0000
committer: beck <> 2019-11-17 00:16:58 +0000
commit: b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9 (patch)
tree: 0ce473b581789f4c326fe64f91eb9bade13c3984
parent: 6dc247f99372dd30c77652836201381b14efe0af (diff)
download: openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.tar.gz
openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.tar.bz2
openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index a9f1b6bbd5..e092e7f811 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.16 2019/04/05 20:23:38 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.17 2019/11/17 00:16:58 beck Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -63,6 +63,12 @@ tls13_legacy_connect(SSL *ssl)
        struct tls13_ctx *ctx = ssl->internal->tls13;
        int ret;
+        /* XXX drop back to legacy for client auth for now */
+        if (ssl->cert->key != NULL) {
+                ssl->method = tls_legacy_client_method();
+                return ssl->method->internal->ssl_connect(ssl);
+        }
        if (ctx == NULL) {
                if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
author	beck <>	2019-11-17 00:16:58 +0000
committer	beck <>	2019-11-17 00:16:58 +0000
commit	b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9 (patch)
tree	0ce473b581789f4c326fe64f91eb9bade13c3984
parent	6dc247f99372dd30c77652836201381b14efe0af (diff)
download	openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.tar.gz openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.tar.bz2 openbsd-b640c5f7f1ee7bfdfee44d5c84459dfb76f880d9.zip