mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Assert presence of server certificate in Certificate writer
The server-side `Certificate` handshake message writer checks whether a certificate is present, and if not fails with: ``` MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ``` This should never happen, since the library checks the presence of a suitable certificate before picking a ciphersuite. It is therefore more suitable to convert this check into an assertion, and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
parent
56ee9e5f14
commit
9cfe6e977d
@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( mbedtls_ssl_own_cert( ssl ) == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
|
||||
return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
|
||||
/* Should never happen because we shouldn't have picked the
|
||||
* ciphersuite if we don't have a certificate. */
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
Loading…
x
Reference in New Issue
Block a user