move client_auth to handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Jerry Yu 2022-01-28 11:05:58 +08:00
parent 7ce0f2aa6b
commit fb28b88e26
4 changed files with 14 additions and 11 deletions


@ -1615,12 +1615,7 @@ struct mbedtls_ssl_context
/* /*
* PKI layer * PKI layer
*/ */
#if defined(MBEDTLS_SSL_CLI_C)
int MBEDTLS_PRIVATE(client_auth); /*!< used to check if CertificateRequest is
received from server side. If
CertificateReqeust is received, Certificate
and CertificateVerify should be sent to server */
#endif /* MBEDTLS_SSL_CLI_C */
/* /*
* User settings * User settings
*/ */


@ -3137,12 +3137,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
} }
ssl->state++; ssl->state++;
ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); ssl->handshake->client_auth =
( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request", MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
ssl->client_auth ? "a" : "no" ) ); ssl->handshake->client_auth ? "a" : "no" ) );
if( ssl->client_auth == 0 ) if( ssl->handshake->client_auth == 0 )
{ {
/* Current message is probably the ServerHelloDone */ /* Current message is probably the ServerHelloDone */
ssl->keep_current_message = 1; ssl->keep_current_message = 1;
@ -3794,7 +3795,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) if( ssl->handshake->client_auth == 0 ||
mbedtls_ssl_own_cert( ssl ) == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++; ssl->state++;
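Review bot: The checks `ssl->handshake->client_auth == 0` in ssl_write_certificate_verify here, and in mbedtls_ssl_write_certificate in the last file, are only reliable if the field is zero at the start of every handshake. The one assignment visible is in ssl_parse_certificate_request, and whether the handshake params are zeroed on init, or whether that function can return before the assignment, is outside these hunks and should be confirmed. If it holds, a comment at the assignment would record the invariant, e.g. `/* client_auth is 0 at handshake start; non-zero only if the server sent a CertificateRequest */`. All three functions start and end outside the hunks shown.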


@ -768,6 +768,12 @@ struct mbedtls_ssl_handshake_params
* but can be overwritten by the HRR. */ * but can be overwritten by the HRR. */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_CLI_C)
int client_auth; /*!< used to check if CertificateRequest is received
from server side. If CertificateReqeust is
received, Certificate and CertificateVerify
should be sent to server */
#endif /* MBEDTLS_SSL_CLI_C */
/* /*
* State-local variables used during the processing * State-local variables used during the processing
* of a specific handshake state. * of a specific handshake state.
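Review bot: The doc comment on the new `client_auth` member of mbedtls_ssl_handshake_params carries over the misspelling "CertificateReqeust" and does not say that the value now applies to a single handshake, which appears to be the point of moving it. Suggested wording: `/*!< Non-zero if a CertificateRequest was received from the server during this handshake; the client then sends Certificate and CertificateVerify. */`. Since the member is a plain `int` tested with `== 0` elsewhere in the commit, stating that only 0 or 1 is stored would also help.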


@ -1701,7 +1701,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{ {
if( ssl->client_auth == 0 ) if( ssl->handshake->client_auth == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
ssl->state++; ssl->state++;