Remove logic for non-signing client certificates.
Now that only RSA and ECDSA certificates are supported, the server should just
reject non-signing ones outright, rather than allowing them to skip
CertificateVerify.
Change-Id: I7fe5ed3adde14481016ee841ed241faba18c26f0
Reviewed-on: https://boringssl-review.googlesource.com/1609
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5c50b4..6f91909 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2306,15 +2306,10 @@
EVP_MD_CTX_init(&mctx);
- /* Determine if a CertificateVerify message is expected at all. It is
- * important that this be determined before ssl_get_message is called,
- * so as not to process the ChangeCipherSpec message early. */
- if (peer != NULL)
- {
- pkey = X509_get_pubkey(peer);
- type = X509_certificate_type(peer,pkey);
- }
- if (!(type & EVP_PKT_SIGN))
+ /* Only RSA and ECDSA client certificates are supported, so a
+ * CertificateVerify is required if and only if there's a
+ * client certificate. */
+ if (peer == NULL)
{
ret = 1;
goto done_with_buffer;
@@ -2333,6 +2328,16 @@
goto done;
}
+ pkey = X509_get_pubkey(peer);
+ type = X509_certificate_type(peer,pkey);
+ if (!(type & EVP_PKT_SIGN))
+ {
+ /* If it's not a signing certificate, it's unsupported. */
+ al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_cert_verify, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
+ goto f_err;
+ }
+
CBS_init(&certificate_verify, s->init_msg, n);
/* We now have a signature that we need to verify. */
