Honour SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the TLSv1.3 server.

ok beck@
author: jsing <jsing@openbsd.org> 2020-05-10 16:59:51 +0000
committer: jsing <jsing@openbsd.org> 2020-05-10 16:59:51 +0000
commit: 94ac48a6362a267098d8c1c77948b24a579567f6 (patch)
tree: 0ea03828a2b9bd469292028ce74998ebf7ebc2c6 /lib/libssl/tls13_legacy.c
parent: Provide alert defines for TLSv1.3 and use in the TLSv1.3 code. (diff)
download: wireguard-openbsd-94ac48a6362a267098d8c1c77948b24a579567f6.tar.xz
wireguard-openbsd-94ac48a6362a267098d8c1c77948b24a579567f6.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 18e66cbe33d..8f8259344f4 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_legacy.c,v 1.4 2020/05/10 16:56:11 jsing Exp $ */
+/*	$OpenBSD: tls13_legacy.c,v 1.5 2020/05/10 16:59:51 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -119,6 +119,9 @@ tls13_legacy_error(SSL *ssl)
 	case TLS13_ERR_NO_SHARED_CIPHER:
 		reason = SSL_R_NO_SHARED_CIPHER;
 		break;
+	case TLS13_ERR_NO_PEER_CERTIFICATE:
+		reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
+		break;
 	}
 
 	/* Something (probably libcrypto) already pushed an error on the stack. */
author	jsing <jsing@openbsd.org>	2020-05-10 16:59:51 +0000
committer	jsing <jsing@openbsd.org>	2020-05-10 16:59:51 +0000
commit	94ac48a6362a267098d8c1c77948b24a579567f6 (patch)
tree	0ea03828a2b9bd469292028ce74998ebf7ebc2c6 /lib/libssl/tls13_legacy.c
parent	Provide alert defines for TLSv1.3 and use in the TLSv1.3 code. (diff)
download	wireguard-openbsd-94ac48a6362a267098d8c1c77948b24a579567f6.tar.xz wireguard-openbsd-94ac48a6362a267098d8c1c77948b24a579567f6.zip