Merge checks in ssl_parse_certificate_verify()

This commit is contained in:
Manuel Pégourié-Gonnard 2014-09-10 14:23:38 +00:00 committed by Paul Bakker
parent ca6440b246
commit 72226214b1

View file

@ -3274,20 +3274,15 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
return( 0 );
}
if( ssl->session_negotiate->peer_cert == NULL )
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
ssl->session_negotiate->peer_cert == NULL )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
return( 0 );
}
/* Needs to be done before read_record() to exclude current message */
ssl->handshake->calc_verify( ssl, hash );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
@ -3298,13 +3293,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
ssl->state++;
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ||
ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );