tls-peer: Mutual authentication support for TLS 1.3

[thirdparty/strongswan.git] / src / libtls / tls_crypto.c

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 1ce2a03e6aabf8c6444fb311b1cf6a16104fe4c2..e8126c0008a8862b5a2d14c382e4f938f792b831 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1775,7 +1775,14 @@ METHOD(tls_crypto_t, sign, bool,
                                DBG1(DBG_TLS, "unable to create transcript hash");
                                return FALSE;
                        }
-                       data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
+                       if (this->tls->is_server(this->tls))
+                       {
+                               data = chunk_cata("cm", tls13_sig_data_server, transcript_hash);
+                       }
+                       else
+                       {
+                               data = chunk_cata("cm", tls13_sig_data_client, transcript_hash);
+                       }
                }
 
                if (!hashsig.len)
@@ -1884,7 +1891,7 @@ METHOD(tls_crypto_t, verify, bool,
                                 tls_signature_scheme_names, scheme);
                        return FALSE;
                }
-               if (this->tls->get_version_max(this->tls) == TLS_1_3)
+               if (this->tls->get_version_max(this->tls) >= TLS_1_3)
                {
                        chunk_t transcript_hash;