Merge pull request #6482 from ronald-cron-arm/tls13-misc

TLS 1.3: Update documentation for the coming release and misc
2025-07-28 00:21:48 +03:00 · 2022-10-28 11:09:03 +02:00
parent cd7fe3ee14 85b9e09525
commit 04e2133f45
8 changed files with 411 additions and 1116 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -648,14 +648,6 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
     */
    p += 5;

-    if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
-    {
-        *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
-        ke_modes_len++;
-
-        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
-    }
-
    if( mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( ssl ) )
    {
        *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE;
@ -664,6 +656,14 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding PSK-ECDHE key exchange mode" ) );
    }

+    if( mbedtls_ssl_conf_tls13_psk_enabled( ssl ) )
+    {
+        *p++ = MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE;
+        ke_modes_len++;
+
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "Adding pure PSK key exchange mode" ) );
+    }
+
    /* Now write the extension and ke_modes length */
    MBEDTLS_PUT_UINT16_BE( ke_modes_len + 1, buf, 2 );
    buf[4] = ke_modes_len;
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -2431,7 +2431,10 @@ static int ssl_tls13_certificate_request_coordinate( mbedtls_ssl_context *ssl )
    authmode = ssl->conf->authmode;

    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+    {
+        ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
        return( SSL_CERTIFICATE_REQUEST_SKIP );
+    }

    ssl->handshake->certificate_request_sent = 1;