in tls/s2n_handshake_io.c [946:986]
/*
 * Recomputes conn->handshake.handshake_type for a TLS1.3 connection from the
 * connection's current state: chosen PSK, early data state, client auth
 * configuration and middlebox compatibility mode.
 *
 * The flags that are reset and set again here describe which messages the
 * handshake is expected to contain, so every branch below is a decision about
 * what the peer is allowed (or required) to send.
 *
 * Returns S2N_RESULT_OK once all flags are set. The RESULT_* guard macros are
 * presumed to return an error result early when a check or call fails; their
 * definitions are not visible in this listing.
 */
static S2N_RESULT s2n_conn_set_tls13_handshake_type(struct s2n_connection *conn)
{
    RESULT_ENSURE_REF(conn);

    /* This calculation can run again on retries, so most flags are cleared
     * first. Only the flags that have already influenced the message order
     * survive the mask; dropping them would rewrite the past.
     */
    conn->handshake.handshake_type &= (HELLO_RETRY_REQUEST | MIDDLEBOX_COMPAT | EARLY_CLIENT_CCS);

    /* A handshake type has been negotiated */
    RESULT_GUARD(s2n_handshake_type_set_flag(conn, NEGOTIATED));

    /* Without a chosen PSK the connection is marked as a full handshake. */
    if (!conn->psk_params.chosen_psk) {
        RESULT_GUARD(s2n_handshake_type_set_flag(conn, FULL_HANDSHAKE));
    }

    /* NOTE(review): this flag is OR-ed in directly, while every other flag in
     * this function goes through a setter helper. Confirm that bypassing the
     * helper (and whatever checks it performs) is intentional.
     */
    if (conn->early_data_state == S2N_EARLY_DATA_ACCEPTED) {
        conn->handshake.handshake_type |= WITH_EARLY_DATA;
    }

    s2n_cert_auth_type client_cert_auth_type;
    RESULT_GUARD_POSIX(s2n_connection_get_client_auth_type(conn, &client_cert_auth_type));

    /* Client side: when Client Auth is REQUIRED, the client must expect the
     * CLIENT_CERT_REQ message.
     * NOTE(review): a client configured with OPTIONAL auth is not flagged here;
     * presumably that case is resolved elsewhere. Verify against the callers.
     */
    const int client_expects_cert_req =
            (conn->mode == S2N_CLIENT) && (client_cert_auth_type == S2N_CERT_AUTH_REQUIRED);

    /* Server side: when Client Auth is REQUIRED or OPTIONAL, the server must
     * send the CLIENT_CERT_REQ message.
     */
    const int server_sends_cert_req =
            (conn->mode == S2N_SERVER) && (client_cert_auth_type != S2N_CERT_AUTH_NONE);

    /* In both roles CLIENT_AUTH is only added to a full handshake. */
    if ((client_expects_cert_req || server_sends_cert_req) && IS_FULL_HANDSHAKE(conn)) {
        RESULT_GUARD(s2n_handshake_type_set_flag(conn, CLIENT_AUTH));
    }

    if (s2n_is_middlebox_compat_enabled(conn)) {
        RESULT_GUARD(s2n_handshake_type_set_tls13_flag(conn, MIDDLEBOX_COMPAT));
    }

    return S2N_RESULT_OK;
}