()
| 1143 | } |
| 1144 | |
| 1145 | func (hs *serverHandshakeStateTLS13) readClientCertificate() error { |
| 1146 | c := hs.c |
| 1147 | |
| 1148 | if !hs.requestClientCert() { |
| 1149 | // Make sure the connection is still being verified whether or not |
| 1150 | // the server requested a client certificate. |
| 1151 | if c.config.VerifyConnection != nil { |
| 1152 | if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { |
| 1153 | c.sendAlert(alertBadCertificate) |
| 1154 | return err |
| 1155 | } |
| 1156 | } |
| 1157 | return nil |
| 1158 | } |
| 1159 | |
| 1160 | // If we requested a client certificate, then the client must send a |
| 1161 | // certificate message. If it's empty, no CertificateVerify is sent. |
| 1162 | |
| 1163 | msg, err := c.readHandshake(hs.transcript) |
| 1164 | if err != nil { |
| 1165 | return err |
| 1166 | } |
| 1167 | |
| 1168 | certMsg, ok := msg.(*certificateMsgTLS13) |
| 1169 | if !ok { |
| 1170 | c.sendAlert(alertUnexpectedMessage) |
| 1171 | return unexpectedMessageError(certMsg, msg) |
| 1172 | } |
| 1173 | |
| 1174 | if err := c.processCertsFromClient(certMsg.certificate); err != nil { |
| 1175 | return err |
| 1176 | } |
| 1177 | |
| 1178 | if c.config.VerifyConnection != nil { |
| 1179 | if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { |
| 1180 | c.sendAlert(alertBadCertificate) |
| 1181 | return err |
| 1182 | } |
| 1183 | } |
| 1184 | |
| 1185 | if len(certMsg.certificate.Certificate) != 0 { |
| 1186 | // certificateVerifyMsg is included in the transcript, but not until |
| 1187 | // after we verify the handshake signature, since the state before |
| 1188 | // this message was sent is used. |
| 1189 | msg, err = c.readHandshake(nil) |
| 1190 | if err != nil { |
| 1191 | return err |
| 1192 | } |
| 1193 | |
| 1194 | certVerify, ok := msg.(*certificateVerifyMsg) |
| 1195 | if !ok { |
| 1196 | c.sendAlert(alertUnexpectedMessage) |
| 1197 | return unexpectedMessageError(certVerify, msg) |
| 1198 | } |
| 1199 | |
| 1200 | // See RFC 8446, Section 4.4.3. |
| 1201 | // We don't use certReq.supportedSignatureAlgorithms because it would |
| 1202 | // require keeping the certificateRequestMsgTLS13 around in the hs. |
no test coverage detected