author Matt Caswell <matt@openssl.org> 2023-08-02 16:43:11 +0100
committer Matt Caswell <matt@openssl.org> 2023-08-15 14:41:31 +0100
commit b644a9323f0060e27b3e45101856dc9e3bec0ac4
tree 7d083c2e66b53e43a7948b5b85a23612e9422316 /include
parent 98d81174d3763053b32b8cfd7225acd0a111d456
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension. Therefore if a server sends a post-handshake CertificateRequest then this would be treated as a TLS protocol violation with an "unexpected message" alert code. However RFC 9001 specifically requires us to treat this as QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message" alert code in this one instance.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Diffstat (limited to 'include')
-rw-r--r-- include/internal/quic_tls.h | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/internal/quic_tls.h b/include/internal/quic_tls.h
index 770c698d31..7d9c533728 100644
--- a/include/internal/quic_tls.h
+++ b/include/internal/quic_tls.h
@@ -100,4 +100,6 @@ int ossl_quic_tls_get_error(QUIC_TLS *qtls,
const char **error_msg,
ERR_STATE **error_state);
+int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);
+
#endif
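Review bot: the new prototype `int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);`, added directly after `ossl_quic_tls_get_error`, has no comment stating its contract. From the header alone a caller cannot tell whether the `int` is a strict 1/0 answer, whether it can also signal failure, or in which state the result is meaningful (presumably only once an error has been raised, since the commit message describes translating the "unexpected message" alert in this one instance). Suggest a short comment above the declaration giving the return values and the point at which it may be called, so that a later caller does not end up mapping other unexpected-message alerts to PROTOCOL_VIOLATION. This diff is limited to `include`, so the implementation and the call site are not visible here to check against.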