[PATCH 01/11] tls: Only accept the Certificate Request in client mode

--- ell/tls.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ell/tls.c b/ell/tls.c index eab9cc2..f4cd94c 100644 --- a/ell/tls.c +++ b/ell/tls.c @@ -2312,6 +2312,12 @@ static void tls_handle_handshake(struct l_tls *tls, int type, break; case TLS_CERTIFICATE_REQUEST: + if (tls->server) { + TLS_DISCONNECT(TLS_ALERT_UNEXPECTED_MESSAGE, 0, + "Message invalid in server mode"); + break; + } + /* * Server sends this optionally so in the WAIT_HELLO_DONE * state we accept either this or a Server Hello Done (below). -- 2.19.1