mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-27 15:35:50 +00:00
Adapt client auth detection in ssl_parse_certificate_verify()
The server expects a CertificateVerify message only if it has previously received a Certificate from the client. So far, this was detected by looking at the `peer_cert` field in the current session. Preparing to remove the latter, this commit changes this to instead determine the presence of a peer certificate by checking the new `peer_cert_digest` pointer.
This commit is contained in:
parent
57b33c9e4e
commit
2a831a4ba7
@ -4066,14 +4066,29 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
||||
|
||||
if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
|
||||
ssl->session_negotiate->peer_cert == NULL )
|
||||
if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
if( ssl->session_negotiate->peer_cert == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
if( ssl->session_negotiate->peer_cert_digest == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
/* Read the message without adding it to the checksum */
|
||||
ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ );
|
||||
if( 0 != ret )
|
||||
|
Loading…
x
Reference in New Issue
Block a user