Assert presence of server certificate in Certificate writer

The server-side `Certificate` handshake message writer checks whether a certificate is present, and if not fails with: ``` MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ``` This should never happen, since the library checks the presence of a suitable certificate before picking a ciphersuite. It is therefore more suitable to convert this check into an assertion, and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2025-03-28 19:21:08 +00:00 · 2021-04-30 05:38:24 +01:00 · 2021-04-30 05:38:24 +01:00 · 9cfe6e977d
commit 9cfe6e977d
parent 56ee9e5f14
1 changed files with 3 additions and 2 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
    {
        if( mbedtls_ssl_own_cert( ssl ) == NULL )
        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
+            /* Should never happen because we shouldn't have picked the
+             * ciphersuite if we don't have a certificate. */
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
        }
    }
 #endif