From a1543fdeacfc5931a678090a5173b5e20d110ea4 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 26 Dec 2021 14:59:52 +0000
Subject: [PATCH] Correct SSL_get_peer_cert_chain() when used with the TLSv1.3
 stack.

Due to a wonderful API inconsistency, a client includes the peer's leaf
certificate in the stored certificate chain, while a server does not.

Found due to a haproxy test failure reported by Ilya Shipitsin.

ok tb@
---
 lib/libssl/tls13_server.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 253c1fc2083..f5066f958a5 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.88 2021/10/31 16:37:25 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.89 2021/12/26 14:59:52 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -908,8 +908,11 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
 	}
 	ERR_clear_error();
 
-	cert = sk_X509_value(certs, 0);
-	X509_up_ref(cert);
+	/*
+	 * Achtung! Due to API inconsistency, a client includes the peer's leaf
+	 * certificate in the stored certificate chain, while a server does not.
+	 */
+	cert = sk_X509_shift(certs);
 
 	if ((pkey = X509_get0_pubkey(cert)) == NULL)
 		goto err;
-- 
2.20.1