
QUIC_CONNECTION_EVENT_PEER_CERTIFICATE_RECEIVED with NULL certificate

Open jarnovanderlinden opened this issue 2 years ago • 1 comments

Describe the bug

It is possible to receive a QUIC_CONNECTION_EVENT_PEER_CERTIFICATE_RECEIVED event with a NULL certificate, particularly when requiring client certificates and the client does not provide one. The documentation for QUIC_CONNECTION_EVENT implies that there will always be a certificate:

This event indicates a certificate has been received from the peer.

Affected OS

  • [ ] Windows
  • [ ] Linux
  • [ ] macOS
  • [ ] Other (specify below)

Additional OS information

No response

MsQuic version

main

Steps taken to reproduce bug

Have a server which requires client certificates. Try to connect with a client which does not supply a certificate. QuicConnPeerCertReceived() gets called with Certificate == NULL.

Expected behavior

Documentation and the naming of the event imply that a certificate has been received.

Actual outcome

QUIC_CONNECTION_EVENT_PEER_CERTIFICATE_RECEIVED event occurs with apparently no certificate received.

Additional details

Using OpenSSL for TLS. The event originates in tls_openssl.c CxPlatTlsProcessData() with QUIC_CREDENTIAL_FLAG_INDICATE_CERTIFICATE_RECEIVED set and TlsContext->PeerCertReceived being NULL.

jarnovanderlinden, Nov 05 '22 01:11

Walkthrough

The documentation needs to be updated to reflect that the certificate may be NULL in certain cases.

nibanks, May 08 '23 22:05
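A fail-closed way for an application to handle the NULL case reported above, as an added example that is not code from this issue or from the MsQuic project. `DecidePeerCertificate`, `PEER_DECISION`, `CERT_CHECK_FN`, `DEMO_PIN` and `DemoPinCheck` are hypothetical names, the `QUIC_CERTIFICATE` typedef is a stand-in so the block compiles without msquic.h, and it assumes the application rejects a peer by returning a failure status from its connection callback.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-in so this compiles without msquic.h, which also declares the type as void. */
typedef void QUIC_CERTIFICATE;

/* Hypothetical names from here on; none of them are MsQuic APIs. */
typedef enum { PEER_REJECT = 0, PEER_ACCEPT, PEER_ACCEPT_ANONYMOUS } PEER_DECISION;
typedef bool (*CERT_CHECK_FN)(const QUIC_CERTIFICATE *Cert, void *Context);

/*
 * Call from the connection callback's
 * QUIC_CONNECTION_EVENT_PEER_CERTIFICATE_RECEIVED case with the event's
 * Certificate pointer. Assumption: the app maps PEER_REJECT to a failure
 * status so the handshake is refused, and the other two values to success.
 */
PEER_DECISION
DecidePeerCertificate(const QUIC_CERTIFICATE *Cert, bool ClientCertRequired,
                      CERT_CHECK_FN Check, void *Context)
{
    if (Cert == NULL) {
        /* The case from this issue: the event fired, but no certificate arrived. */
        return ClientCertRequired ? PEER_REJECT : PEER_ACCEPT_ANONYMOUS;
    }
    if (Check == NULL || !Check(Cert, Context)) {
        return PEER_REJECT; /* fail closed: no validator, or the validator said no */
    }
    return PEER_ACCEPT;
}

/* Constructed validator for the demo: counts calls and trusts one pinned object. */
typedef struct { const void *Pinned; int Calls; } DEMO_PIN;

bool DemoPinCheck(const QUIC_CERTIFICATE *Cert, void *Context)
{
    DEMO_PIN *Pin = (DEMO_PIN *)Context;
    Pin->Calls++;
    return Cert == Pin->Pinned;
}
```

The validator hook is never invoked with a NULL pointer, so certificate-parsing code behind it does not need its own NULL guard.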