diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3cde3752fb..53ed93766f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1988,6 +1988,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
 {
@@ -2013,6 +2014,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
 {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 12ccb12826..33ce2bc2f4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1777,6 +1777,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK )
 {
@@ -1803,6 +1804,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
 ssl->state++;
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
 ssl->authmode == SSL_VERIFY_NONE )
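Review bot: The four-way `key_exchange` comparison extended here in ssl_write_certificate_verify is repeated at every other site this commit touches (the second ssl_write_certificate_verify hunk, both ssl_write_certificate_request hunks and both ssl_parse_certificate_verify hunks). Each new PSK-family key exchange therefore has to be added by hand in every copy, and a missed copy changes whether a client-authentication handshake message is sent or expected. I would move the list into one internal predicate and call it at each site, e.g. `if( ssl_ciphersuite_uses_psk( ciphersuite_info ) )` (helper name is a proposal, not an existing function on this page). The function bodies start and end outside these hunks.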
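Review bot: With RSA_PSK added to this condition in ssl_write_certificate_request, the server no longer asks for a client certificate even when `ssl->authmode` is something other than `SSL_VERIFY_NONE`, and the ssl_parse_certificate hunk in ssl_tls.c records `BADCERT_SKIP_VERIFY` for the same case. An application that relies on authmode to guarantee a verified client certificate now gets a successful handshake in which the client is authenticated by the pre-shared key only; that is presumably the intended RSA-PSK behaviour, but neither site says so. I would add a comment at both places, e.g. `/* RSA-PSK: only the server presents a certificate; the client is authenticated by the PSK, so authmode is not applied */`, and state the same in the authmode documentation. Both function bodies continue outside their hunks.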
@@ -2689,6 +2691,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
 {
@@ -2717,6 +2720,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
 SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
 if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
 ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
 {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a05b21e3ac..c1e3d374f8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2315,6 +2315,7 @@ int ssl_send_alert_message( ssl_context *ssl,
 * Handshake functions
 */
 #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
+ !defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
 !defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2487,7 +2488,8 @@ int ssl_parse_certificate( ssl_context *ssl )
 }
 if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->authmode == SSL_VERIFY_NONE )
+ ( ssl->authmode == SSL_VERIFY_NONE ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
 {
 ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
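Review bot: The `#if` guard under "Handshake functions" in ssl_tls.c now counts RSA_PSK as a certificate-bearing key exchange, while every run-time check in this commit groups it with the PSK family that skips client authentication, and nothing explains the difference. A one-line comment above the guard, e.g. `/* key exchanges in which at least one side sends a Certificate (RSA-PSK: server only) */`, would stop a later edit from "fixing" the apparent inconsistency. The code this guard selects lies outside the hunk, so I am assuming it chooses between stub and full certificate handlers. A build with only `POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED` defined would confirm that the full handlers are compiled in.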