From a93b95dac3540fb5a9d276a240edbcfb389962df Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 4 Jun 2020 18:46:21 +0000
Subject: Align tls13_server_select_certificate() with
 tls13_client_select_certificate().

ok inoguchi
---
 src/lib/libssl/tls13_server.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 50ae694496..edc87fcdcb 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.56 2020/06/02 04:50:17 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.57 2020/06/04 18:46:21 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -508,7 +508,8 @@ tls13_server_select_certificate(struct tls13_ctx *ctx, CERT_PKEY **out_cpk,
 	if (cert_ok)
 		goto done;
 
-	return 0;
+	cpk = NULL;
+	sigalg = NULL;
 
  done:
 	*out_cpk = cpk;
@@ -528,7 +529,10 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 	X509 *cert;
 	int i, ret = 0;
 
-	if (!tls13_server_select_certificate(ctx, &cpk, &sigalg)) {
+	if (!tls13_server_select_certificate(ctx, &cpk, &sigalg))
+		goto err;
+
+	if (cpk == NULL) {
 		/* A server must always provide a certificate. */
 		ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
 		tls13_set_errorx(ctx, TLS13_ERR_NO_CERTIFICATE, 0,
-- 
cgit v1.2.3-55-g6feb