summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_client.c10
-rw-r--r--src/lib/libssl/tls13_internal.h3
-rw-r--r--src/lib/libssl/tls13_legacy.c5
3 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 79318d9313..24286569b1 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.54.4.1 2020/05/19 20:22:33 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -587,6 +587,14 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
587 cert = NULL; 587 cert = NULL;
588 } 588 }
589 589
590 /* A server must always provide a non-empty certificate list. */
591 if (sk_X509_num(certs) < 1) {
592 ctx->alert = SSL_AD_DECODE_ERROR;
593 tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
594 "peer failed to provide a certificate", NULL);
595 goto err;
596 }
597
590 /* 598 /*
591 * At this stage we still have no proof of possession. As such, it would 599 * At this stage we still have no proof of possession. As such, it would
592 * be preferable to keep the chain and verify once we have successfully 600 * be preferable to keep the chain and verify once we have successfully
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index d53672dbfe..b543e08900 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.67.4.1 2020/05/19 20:22:33 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -43,6 +43,7 @@ __BEGIN_HIDDEN_DECLS
43#define TLS13_ERR_HRR_FAILED 17 43#define TLS13_ERR_HRR_FAILED 17
44#define TLS13_ERR_TRAILING_DATA 18 44#define TLS13_ERR_TRAILING_DATA 18
45#define TLS13_ERR_NO_SHARED_CIPHER 19 45#define TLS13_ERR_NO_SHARED_CIPHER 19
46#define TLS13_ERR_NO_PEER_CERTIFICATE 21
46 47
47typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); 48typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
48typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); 49typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 1e18a8258c..d25674d93b 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_legacy.c,v 1.3 2020/04/28 20:37:22 jsing Exp $ */ 1/* $OpenBSD: tls13_legacy.c,v 1.3.4.1 2020/05/19 20:22:33 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -119,6 +119,9 @@ tls13_legacy_error(SSL *ssl)
119 case TLS13_ERR_NO_SHARED_CIPHER: 119 case TLS13_ERR_NO_SHARED_CIPHER:
120 reason = SSL_R_NO_SHARED_CIPHER; 120 reason = SSL_R_NO_SHARED_CIPHER;
121 break; 121 break;
122 case TLS13_ERR_NO_PEER_CERTIFICATE:
123 reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
124 break;
122 } 125 }
123 126
124 /* Something (probably libcrypto) already pushed an error on the stack. */ 127 /* Something (probably libcrypto) already pushed an error on the stack. */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 07:07:49 +0000