From 209cae9c42e7f2c43bf0b9a061ab2560dd2bbbf4 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 7 Jun 2022 10:30:19 +0200
Subject: [PATCH] tls13: server: Fix state update in CLIENT_CERTIFICATE

The state should be updated only if the handler returns in success.

Signed-off-by: Ronald Cron
---
 library/ssl_tls13_server.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index f3843b1e8..65023075c 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1628,14 +1628,17 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 case MBEDTLS_SSL_CLIENT_CERTIFICATE:
 ret = mbedtls_ssl_tls13_process_certificate( ssl );
- if( ret == 0 && ssl->session_negotiate->peer_cert != NULL )
+ if( ret == 0 )
 {
- mbedtls_ssl_handshake_set_state(
- ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+ if( ssl->session_negotiate->peer_cert != NULL )
+ {
+ mbedtls_ssl_handshake_set_state(
+ ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+ }
+ else
+ mbedtls_ssl_handshake_set_state(
+ ssl, MBEDTLS_SSL_CLIENT_FINISHED );
 }
- else
- mbedtls_ssl_handshake_set_state(
- ssl, MBEDTLS_SSL_CLIENT_FINISHED );
 break;
 case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
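Review bot: The new inner `else` in the `MBEDTLS_SSL_CLIENT_CERTIFICATE` case is the path where the server skips CertificateVerify and moves straight to `MBEDTLS_SSL_CLIENT_FINISHED`, yet it is left unbraced beside a braced `if` and carries no comment saying why that is safe. It is only correct if `mbedtls_ssl_tls13_process_certificate()` has already returned an error for an empty Certificate message when client authentication is required; that check is not visible in this hunk, so it is worth confirming and stating at the branch, e.g. `/* Empty client Certificate accepted by the handler: no CertificateVerify follows (RFC 8446 4.4.3). */`. I would also brace the `else` body to match the `if`, so that a statement added later cannot fall outside the branch. A regression test that makes the handler return non-zero and asserts the state is still `MBEDTLS_SSL_CLIENT_CERTIFICATE` would pin the fix. The enclosing `switch` in `mbedtls_ssl_tls13_handshake_server_step` starts and ends outside the hunk.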