diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 396fce6e8..ca1990813 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1450,6 +1450,7 @@ static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl ) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( mbedtls_ssl_own_cert( ssl ) == NULL ) { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate available." ) ); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9d8484442..6041f1a13 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11329,6 +11329,17 @@ run_test "TLS 1.3: server: HRR check - mbedtls" \ -s "=> write hello retry request" \ -s "<= write hello retry request" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Server side check, no server certificate available" \ + "$P_SRV debug_level=4 crt_file=none key_file=none force_version=tls13" \ + "$P_CLI debug_level=4 force_version=tls13" \ + 1 \ + -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \ + -s "No certificate available." + for i in opt-testcases/*.sh do TEST_SUITE_NAME=${i##*/}