commit 209cae9c42e7f2c43bf0b9a061ab2560dd2bbbf4
author Ronald Cron <ronald.cron@arm.com> Tue Jun 07 10:30:19 2022 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Jun 07 10:58:22 2022 +0200
tree 976b1cf0bc832d0c967cb0b4e5ef2a4987cc95de
parent 6994e3e0c23a3106df7c60f96f7a7ec31bea1e66

tls13: server: Fix state update in CLIENT_CERTIFICATE

The state should be updated only if the handler
returns in success.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index f3843b1..6502307 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1628,14 +1628,17 @@
 
         case MBEDTLS_SSL_CLIENT_CERTIFICATE:
             ret = mbedtls_ssl_tls13_process_certificate( ssl );
-            if( ret == 0 && ssl->session_negotiate->peer_cert != NULL )
+            if( ret == 0 )
             {
-                mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+                if( ssl->session_negotiate->peer_cert != NULL )
+                {
+                    mbedtls_ssl_handshake_set_state(
+                        ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+                }
+                else
+                    mbedtls_ssl_handshake_set_state(
+                        ssl, MBEDTLS_SSL_CLIENT_FINISHED );
             }
-            else
-                mbedtls_ssl_handshake_set_state(
-                    ssl, MBEDTLS_SSL_CLIENT_FINISHED );
             break;
 
         case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: