From 9cfe6e977d14bdc56f80e6f06a757ca7ccd42da2 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 30 Apr 2021 05:38:24 +0100
Subject: [PATCH] Assert presence of server certificate in Certificate writer

The server-side `Certificate` handshake message writer checks
whether a certificate is present, and if not fails with:

```
   MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
```

This should never happen, since the library checks the presence
of a suitable certificate before picking a ciphersuite. It is
therefore more suitable to convert this check into an assertion,
and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ssl_tls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aceeb45dff..fd77dc3d3a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
     {
         if( mbedtls_ssl_own_cert( ssl ) == NULL )
         {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
+            /* Should never happen because we shouldn't have picked the
+             * ciphersuite if we don't have a certificate. */
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
     }
 #endif