Drop back to the legacy tls method if we are doing client authenticaiton

from a tls 1.3 connection, for now. ok jsing@
author: beck <beck@openbsd.org> 2019-11-17 00:16:58 +0000
committer: beck <beck@openbsd.org> 2019-11-17 00:16:58 +0000
commit: 9dc7da83854cedf6e36cea4499d30fe36d645697 (patch)
tree: 29ede9fddbf2d4bee6705b6e485f3fccb2fc4b58 /lib/libssl/tls13_client.c
parent: Separate the callbacks for recieved and completed post handshake messages (diff)
download: wireguard-openbsd-9dc7da83854cedf6e36cea4499d30fe36d645697.tar.xz
wireguard-openbsd-9dc7da83854cedf6e36cea4499d30fe36d645697.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index a9f1b6bbd57..e092e7f8113 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.16 2019/04/05 20:23:38 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.17 2019/11/17 00:16:58 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -63,6 +63,12 @@ tls13_legacy_connect(SSL *ssl)
 	struct tls13_ctx *ctx = ssl->internal->tls13;
 	int ret;
 
+	/* XXX drop back to legacy for client auth for now */
+	if (ssl->cert->key != NULL) {
+		ssl->method = tls_legacy_client_method();
+		return ssl->method->internal->ssl_connect(ssl);
+	}
+
 	if (ctx == NULL) {
 		if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
 			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
author	beck <beck@openbsd.org>	2019-11-17 00:16:58 +0000
committer	beck <beck@openbsd.org>	2019-11-17 00:16:58 +0000
commit	9dc7da83854cedf6e36cea4499d30fe36d645697 (patch)
tree	29ede9fddbf2d4bee6705b6e485f3fccb2fc4b58 /lib/libssl/tls13_client.c
parent	Separate the callbacks for recieved and completed post handshake messages (diff)
download	wireguard-openbsd-9dc7da83854cedf6e36cea4499d30fe36d645697.tar.xz wireguard-openbsd-9dc7da83854cedf6e36cea4499d30fe36d645697.zip