Description
Your environment
- Version: v2.1.3
- Other information: related issues, suggestions on how to fix, links for us to have context
What did you do?
We have a setup for our DTLS server that runs with client PSK and certificate validation. Which one is used depends on whether the client's handshake sends PSK or certificate information.
It was working almost properly until a user managed to complete the full handshake process without providing either a PSK or a certificate, while signaling that it would send its client certificates to the server.
First the server chose the cipher (Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)) in the Server Hello handshake protocol. Then the client sent the Certificate handshake protocol but without any certificate. It also didn't send a PSK, but the handshake was completed.
To reproduce the same situation that my customer faced, I used pion dtls as a client, but I needed to comment out several parts of the code because the pion dtls lib is very good at validations (for this case, from the client-side perspective). It was blocking me from sending a Certificate handshake protocol without any certificate. For that reason I commented out many parts to reproduce the customer's error.
My customer, on the other hand, managed to finish the whole handshake process using Python and some library that performs the DTLS handshake in Python.
What did you expect?
We expect the server side of the handshake to finish instead of accepting a zero-length array of certificates, with some kind of error returned to the client side.
What happened?
The whole handshake process was completed and we received the authenticated connection in our application.
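As an added illustration of the server-side check the report asks for (example code written here, not pion/dtls's own implementation), the function below parses the body of a TLS/DTLS Certificate handshake message and rejects an empty certificate list whenever client certificates are required. The message layout (3-byte total length, then 3-byte length-prefixed DER entries) is the standard one; the sample bytes are constructed and the 5-byte "certificate" is a placeholder, not a real DER certificate.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	errTruncated   = errors.New("certificate message truncated or malformed")
	errNoCertsSent = errors.New("client sent an empty certificate list but client certificates are required")
)

// parseCertificateBody parses a TLS/DTLS Certificate handshake message body:
// a 3-byte total length followed by zero or more 3-byte length-prefixed certs.
func parseCertificateBody(body []byte) ([][]byte, error) {
	if len(body) < 3 {
		return nil, errTruncated
	}
	total := int(body[0])<<16 | int(body[1])<<8 | int(body[2])
	if total != len(body)-3 {
		return nil, errTruncated
	}
	rest := body[3:]
	var certs [][]byte
	for len(rest) > 0 {
		if len(rest) < 3 {
			return nil, errTruncated
		}
		n := int(rest[0])<<16 | int(rest[1])<<8 | int(rest[2])
		rest = rest[3:]
		if n == 0 || n > len(rest) {
			return nil, errTruncated
		}
		certs = append(certs, rest[:n])
		rest = rest[n:]
	}
	return certs, nil
}

// checkClientCertificate is the server-side gate: when the server requires a
// client certificate (no PSK was negotiated), an empty list must be an error.
func checkClientCertificate(body []byte, requireClientCert bool) ([][]byte, error) {
	certs, err := parseCertificateBody(body)
	if err != nil {
		return nil, err
	}
	if requireClientCert && len(certs) == 0 {
		return nil, errNoCertsSent
	}
	return certs, nil
}

func main() {
	// Constructed input: a Certificate message carrying zero certificates.
	_, err := checkClientCertificate([]byte{0, 0, 0}, true)
	fmt.Println("empty list accepted?", err == nil, "error:", err)
}
```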
