tls13: server: Fix state update in CLIENT_CERTIFICATE

The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 10:30:19 +02:00 · 2022-06-07 10:30:19 +02:00 · 209cae9c42
commit 209cae9c42
parent 6994e3e0c2
1 changed files with 9 additions and 6 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1628,14 +1628,17 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )

        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
            ret = mbedtls_ssl_tls13_process_certificate( ssl );
-            if( ret == 0 && ssl->session_negotiate->peer_cert != NULL )
+            if( ret == 0 )
            {
-                mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+                if( ssl->session_negotiate->peer_cert != NULL )
+                {
+                    mbedtls_ssl_handshake_set_state(
+                        ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+                }
+                else
+                    mbedtls_ssl_handshake_set_state(
+                        ssl, MBEDTLS_SSL_CLIENT_FINISHED );
            }
-            else
-                mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_FINISHED );
            break;

        case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: