Hi, I see a problem in OpenSSL code and want to confirm if this has been already reported as a bug or not.
If the server sends CertificateRequest during TLS handshake in case of TLS1.2, the Client processes this request in method ssl3_get_certificate_request(SSL* s). While processing the request it calls tls1_process_sigalgs() method to process the signature algorithms. In this method tls1_process_sigalgs(), its being checked if the s->cert pointer is NULL . This actually means the check whether the client has its own certificate or not. In case the pointer is NULL, indicating the client does not have certificate, the function returns zero or failure. TLS handshake fails here with "decode error" owing to SSL_R_SIGNATURE_ALGORITHMS_ERROR. However according to TLS1.2 RFC, its perfectly legal to not have client certificate, in which case, the client can send empty Certificate message to server. Its upto server to accept or reject the client certificate. Due to the above code in tls1_process_sigalgs(), TLS1.2 clients which do not have their own certificate and get CertificateRequest from server are failing to complete TLS handshake. I think this needs to be fixed. If needed I also have patch ready, which I will be happy to contribute. Regards, Sameer Joshi _______________________________________________ openssl-dev mailing list [email protected] https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
