Assert presence of server certificate in Certificate writer

The server-side `Certificate` handshake message writer checks
whether a certificate is present, and if not fails with:

```
   MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
```

This should never happen, since the library checks the presence
of a suitable certificate before picking a ciphersuite. It is
therefore more suitable to convert this check into an assertion,
and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2021-04-30 05:38:24 +01:00
parent 56ee9e5f14
commit 9cfe6e977d

View File

@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{
if( mbedtls_ssl_own_cert( ssl ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
/* Should never happen because we shouldn't have picked the
* ciphersuite if we don't have a certificate. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
#endif