tls-server: Check if peer sent hash and signature algorithms
authorPascal Knecht <pascal.knecht@hsr.ch>
Fri, 16 Oct 2020 07:28:49 +0000 (09:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
It is mandatory to receive the `signature_algorithms` extension when a
server is authenticating with a certificate, which is always the case.

src/libtls/tls_server.c

index 07a1ca3268de8f7fc3f5c7aeb033cffd2ba09389..4957cba898b5aa76867386b1f78e4e7b08766a3a 100644 (file)
@@ -412,6 +412,14 @@ static status_t process_client_hello(private_tls_server_t *this,
        }
        extensions->destroy(extensions);
 
+       if (this->tls->get_version_max(this->tls) >= TLS_1_3 && !this->hashsig.len)
+       {
+               DBG1(DBG_TLS, "no %N extension received", tls_extension_names,
+                        TLS_MISSING_EXTENSION);
+               this->alert->add(this->alert, TLS_FATAL, TLS_MISSING_EXTENSION);
+               return NEED_MORE;
+       }
+
        memcpy(this->client_random, random.ptr, sizeof(this->client_random));
 
        htoun32(&this->server_random, time(NULL));
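Review bot: The DBG1 call in the added block hands the alert code `TLS_MISSING_EXTENSION` to `%N` together with `tls_extension_names`, so the log looks up an alert description in the extension-name table and will not name the extension that was actually absent. Anyone triaging a failed handshake from this line gets a misleading or numeric value; the lookup should use the extension constant, `DBG1(DBG_TLS, "no %N extension received", tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS);`. Separately, the guard tests `get_version_max()`; if that still holds the configured maximum rather than the negotiated version at this point (not visible in the hunk), a TLS 1.2 client that legitimately omits `signature_algorithms` would also be rejected, so this is worth confirming. process_client_hello starts and ends outside the hunk.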