FIX: handle unimplemented handshake messages more gracefully

randombit · Apr 13, 2022 · 8976bf2 · 8976bf2
1 parent ac2fb64
commit 8976bf2
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/lib/tls/tls13/tls_handshake_layer_13.cpp b/src/lib/tls/tls13/tls_handshake_layer_13.cpp
@@ -34,10 +34,10 @@ Handshake_Type handshake_type_from_byte(uint8_t type)
  {
  case CLIENT_HELLO:
  case SERVER_HELLO:
- case END_OF_EARLY_DATA:
+ // case END_OF_EARLY_DATA: // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now
  case ENCRYPTED_EXTENSIONS:
  case CERTIFICATE:
- case CERTIFICATE_REQUEST:
+ // case CERTIFICATE_REQUEST: // NYI: client auth -- server might still request, resulting in handshake failure
  case CERTIFICATE_VERIFY:
  case FINISHED:
  return Handshake_Type(type);
@@ -50,6 +50,7 @@ Handshake_Type handshake_type_from_byte(uint8_t type)
  {
  case NEW_SESSION_TICKET:
  case KEY_UPDATE:
+ // case CERTIFICATE_REQUEST: // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now
  return Handshake_Type(type);
  }
  throw TLS_Exception(Alert::UNEXPECTED_MESSAGE, "Unknown post-handshake message received");