mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-31 01:20:35 +00:00
a9766c2c23
So far, `ssl_client2` printed the CRT info for the peer's CRT by requesting the latter through `mbedtls_ssl_get_peer_cert()` at the end of the handshake, and printing it via `mbedtls_x509_crt_info()`. When `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled, this does no longer work because the peer's CRT isn't stored beyond the handshake. This makes some tests in `ssl-opt.sh` fail which rely on the CRT info output for the peer certificate. This commit modifies `ssl_client2` to extract the peer CRT info from the verification callback, which is always called at a time when the peer's CRT is available. This way, the peer's CRT info is still printed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled.