Commit

external PSK mode is orthogonal to X.509 client auth
kazuho committed Oct 19, 2023
1 parent 651a060 commit e220cda
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/picotls.c
Expand Up @@ -4598,7 +4598,7 @@ static int server_handle_hello(ptls_t *tls, ptls_message_emitter_t *emitter, ptl

/* If the server was setup to use an external PSK but failed to agree, abort the handshake. Because external PSK is a form of
* mutual authentication, we should abort continue the handshake upon negotiation failure, at least by default. */
if (tls->ctx->pre_shared_key.identity.base != NULL && tls->ctx->require_client_authentication && psk_index == SIZE_MAX) {
if (tls->ctx->pre_shared_key.identity.base != NULL && psk_index == SIZE_MAX) {
ret = PTLS_ALERT_UNKNOWN_PSK_IDENTITY;
goto Exit;
}
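Review bot: The comment above the changed condition no longer matches what the condition does. It still reads "we should abort continue the handshake" and ends with "at least by default", but with require_client_authentication dropped from the if, the abort with PTLS_ALERT_UNKNOWN_PSK_IDENTITY happens whenever pre_shared_key.identity.base is set and psk_index == SIZE_MAX, and no opt-out is visible in this hunk. Suggest fixing the wording to "abort the handshake" and stating in the comment that a server configured with an external PSK never falls back to a certificate-only handshake, or naming the setting that changes the default if one exists. Only lib/picotls.c changes here, so a test for a PSK-configured server with require_client_authentication unset and a client that fails to agree on the PSK would pin the new behaviour.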