commit 37d4c337db183fa13318780294ca855053f34222
author Kazuho Oku <kazuhooku@gmail.com> Mon Nov 28 09:57:58 2022 +0900
committer Kazuho Oku <kazuhooku@gmail.com> Mon Nov 28 09:57:58 2022 +0900
tree afdeb88f8922b1565d1b4a2a00233daba0a59582
parent a91ae5f977ca8e77c0376011f32b596f6a0302ba

in PSK mode, CertificateRequest is rejected by the state machine (and when ECH is rejected, we send ECH_REQUIRED alert right above)

lib/picotls.c

diff --git a/lib/picotls.c b/lib/picotls.c
index 824d5d8..0479d1c 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3015,6 +3015,8 @@
     const uint8_t *src = message.base + PTLS_HANDSHAKE_HEADER_SIZE, *const end = message.base + message.len;
     int ret = 0;
 
+    assert(!tls->is_psk_handshake && "state machine asserts that this message is never delivered when PSK is used");
+
     if ((ret = decode_certificate_request(tls, &tls->client.certificate_request, src, end)) != 0)
         return ret;
 
@@ -3262,13 +3264,6 @@
         goto Exit;
 
     if (tls->client.certificate_request.context.base != NULL) {
-        /* The client must not send a certifiate if:
-         * - this is a resumed session, in which case the server is forbidden from sending the certificate request
-         * - ECH was offered by the client but the server rejected (FIXME) */
-        if (tls->is_psk_handshake) {
-            ret = PTLS_ALERT_ILLEGAL_PARAMETER;
-            goto Exit;
-        }
         ret = send_certificate_and_certificate_verify(tls, emitter, &tls->client.certificate_request.signature_algorithms,
                                                       tls->client.certificate_request.context,
                                                       PTLS_CLIENT_CERTIFICATE_VERIFY_CONTEXT_STRING, 0, NULL, 0);