Assert presence of server certificate in Certificate writer The server-side `Certificate` handshake message writer checks whether a certificate is present, and if not fails with: ``` MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ``` This should never happen, since the library checks the presence of a suitable certificate before picking a ciphersuite. It is therefore more suitable to convert this check into an assertion, and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure. Signed-off-by: Hanno Becker <hanno.becker@arm.com>

commit: 9cfe6e977d14bdc56f80e6f06a757ca7ccd42da2 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri Apr 30 05:38:24 2021 +0100
committer: Hanno Becker <hanno.becker@arm.com> Fri Apr 30 05:38:24 2021 +0100
tree: de48bcd82282b7aced32ea0d933abedfd9d811d4
parent: 56ee9e5f141bb5cf3d0468fa09b6de7f5b19daf6 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aceeb45..fd77dc3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1936,8 +1936,9 @@
     {
         if( mbedtls_ssl_own_cert( ssl ) == NULL )
         {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
+            /* Should never happen because we shouldn't have picked the
+             * ciphersuite if we don't have a certificate. */
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
     }
 #endif
commit	9cfe6e977d14bdc56f80e6f06a757ca7ccd42da2	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri Apr 30 05:38:24 2021 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Fri Apr 30 05:38:24 2021 +0100
tree	de48bcd82282b7aced32ea0d933abedfd9d811d4
parent	56ee9e5f141bb5cf3d0468fa09b6de7f5b19daf6 [diff] [blame]