From 908f57dfbaea05ad2c2e89f6b86da5bddff1871f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 16 Aug 2024 10:01:48 +0200 Subject: [PATCH] Minor refactoring of generic SSL certificate verif MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename as there was a name collision with a static function in another file: ssl_parse_certificate_verify in ssl_tls12_server.c is the function that parses the CertificateVerify message, which seems appropriate. Here it meant "the 'verify' step after parsing the Certificate message". Use a name that focuses on what it does: verify, not parse. Also, take ciphersuite_info as an argument: when TLS 1.3 calls this function, it can pass NULL as the ciphersuite has no influence there. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7db0f6dd40..e87f985e51 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7939,14 +7939,13 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, } MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx) +static int ssl_verify_certificate(mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info, + void *rs_ctx) { int ret = 0; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; int have_ca_chain_or_callback = 0; if (authmode == MBEDTLS_SSL_VERIFY_NONE) { @@ -8246,8 +8245,8 @@ crt_verify: } #endif - ret = ssl_parse_certificate_verify(ssl, authmode, - chain, rs_ctx); + ret = ssl_verify_certificate(ssl, authmode, chain, + ssl->handshake->ciphersuite_info, rs_ctx); if (ret != 0) { goto exit; }