From 0c26920ea03bde434c30aaccad74ffba7609735a Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 6 Mar 2026 16:07:34 +0100
Subject: [PATCH] Set upper bound on post-auth cert reqs F-205
---
 src/tls13.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/tls13.c b/src/tls13.c
index db5659cd052..e964e94d1c2 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -14182,6 +14182,13 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
 return NOT_READY_ERROR;
 if (!ssl->options.postHandshakeAuth)
 return POST_HAND_AUTH_ERROR;
+ if (ssl->certReqCtx != NULL) {
+ if (ssl->certReqCtx->len != 1)
+ return BAD_STATE_E;
+ /* We support sending up to 255 certificate requests */
+ if (ssl->certReqCtx->ctx == 255)
+ return BAD_STATE_E;
+ }
 certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
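Review bot: The comment on the new `ctx == 255` check states a limit but not the reason for it, and both new rejections return the same `BAD_STATE_E`, so a caller cannot tell "request limit reached for this WOLFSSL object" from an unexpected context length. Assuming `ctx` is a one-byte counter that the code below the hunk increments for each request (not visible here), the comment would say more as `/* ctx is a single byte; stop at 255 rather than wrap and reuse a request context */`. If the first request uses context 0, the cap allows 256 requests rather than 255, so the count in the comment is worth checking against how the first entry is initialised. The API documentation for wolfSSL_request_certificate should also state that the limit exists and that it is reported as `BAD_STATE_E`. The function's body begins and ends outside this hunk.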