From 5b6f86bc8e533f022051bf3a13629075b9352829 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 28 Jan 2026 10:00:44 +1000
Subject: [PATCH] TLS 1.2 message order check: certificate before CKE

Make sure we received a Certificate message before the ClientKeyExchange
when a certificate is requested. (Certificate message will be empty when
client has no valid certificate.)
---
 src/internal.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 20a5053bfd..6024a57d60 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -18066,6 +18066,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                 WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
                 return OUT_OF_ORDER_E;
             }
+            if (!ssl->options.resuming && ssl->options.verifyPeer &&
+                    !ssl->options.usingPSK_cipher &&
+                    !ssl->options.usingAnon_cipher &&
+                    !ssl->msgsReceived.got_certificate) {
+                return OUT_OF_ORDER_E;
+            }
             if (ssl->msgsReceived.got_certificate_verify||
                     ssl->msgsReceived.got_change_cipher ||
                     ssl->msgsReceived.got_finished) {