Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.

Due to a wonderful API inconsistency, a client includes the peer's leaf
certificate in the stored certificate chain, while a server does not.

Found due to a haproxy test failure reported by Ilya Shipitsin.

ok tb@

1 files changed, 6 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 253c1fc208..f5066f958a 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.88 2021/10/31 16:37:25 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.89 2021/12/26 14:59:52 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -908,8 +908,11 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
         }
         ERR_clear_error();
 
-        cert = sk_X509_value(certs, 0);
-        X509_up_ref(cert);
+        /*
+         * Achtung! Due to API inconsistency, a client includes the peer's leaf
+         * certificate in the stored certificate chain, while a server does not.
+         */
+        cert = sk_X509_shift(certs);
 
         if ((pkey = X509_get0_pubkey(cert)) == NULL)
                 goto err;