From a028c5bbd82d1d46a4fae5b374dfe7077cc5527a Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 5 Feb 2019 12:38:45 +0000
Subject: [PATCH] Introduce CRT counter to CRT chain parsing function

So far, we've used the `peer_cert` pointer to detect whether we're parsing the first CRT, but that will soon be removed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is unset.
---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1ccb278918..d2cb8937df 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5757,7 +5757,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
  */
 static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
 {
-    int ret;
+    int ret, crt_cnt=0;
     size_t i, n;
     uint8_t alert;
 
@@ -5884,7 +5884,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
     }
 
     /* Check if we're handling the first CRT in the chain. */
-    if( ssl->session_negotiate->peer_cert == NULL )
+    if( crt_cnt++ == 0 )
     {
         /* During client-side renegotiation, check that the server's
          * end-CRTs hasn't changed compared to the initial handshake,
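Review bot: The new declaration `int ret, crt_cnt=0;` puts an uninitialised and an initialised variable on one line and drops the spacing around `=` that the rest of the file uses (compare `if( crt_cnt++ == 0 )` in the next hunk). I would split it into `int ret;` and `int crt_cnt = 0;` on separate lines, and a one-line comment such as `/* Number of CRTs of the chain processed so far. */` would tell a reader what the counter means before it is used some 120 lines further down. The body of ssl_parse_certificate_chain continues well past this hunk.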
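Review bot: Burying the side effect in the condition, `if( crt_cnt++ == 0 )`, makes it easy to miss that the counter advances on every pass through this point, and the comment above it still only says "Check if we're handling the first CRT". I would keep the test pure, `if( crt_cnt == 0 )`, and increment `crt_cnt` once after the first-CRT block so the bookkeeping is visible, or at least extend the comment to `/* Check if we're handling the first CRT in the chain (crt_cnt counts CRTs seen so far and is advanced here). */`. Whether every iteration of the enclosing loop reaches this line before any `continue` is not visible in the hunk; if some path skips it, the counter would no longer track the position in the chain the way the old `peer_cert == NULL` test did, so that is worth confirming. The enclosing loop and the renegotiation check start and end outside this hunk.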