Merge checks in ssl_parse_certificate_verify()
parent
ca6440b246
commit
72226214b1
1 changed files with 5 additions and 15 deletions
|
@ -3274,20 +3274,15 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
if( ssl->session_negotiate->peer_cert == NULL )
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
|
||||
ssl->session_negotiate->peer_cert == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* Needs to be done before read_record() to exclude current message */
|
||||
ssl->handshake->calc_verify( ssl, hash );
|
||||
|
||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||
|
@ -3298,13 +3293,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||
|
||||
ssl->state++;
|
||||
|
||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||
}
|
||||
|
||||
if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
|
||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ||
|
||||
ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||
|
|
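Review bot: The merged skip condition in the first hunk treats `ssl->session_negotiate->peer_cert == NULL` exactly like the PSK key exchanges, and nothing there says why a missing client certificate makes it safe to skip CertificateVerify. A one-line comment above the `if` would record the invariant, e.g. `/* No CertificateVerify for PSK suites or when the client sent no certificate; a required but missing certificate must have been rejected earlier */`. Presumably that rejection happens where the client Certificate message is parsed, but that code is not on this page, so it should be confirmed. In the second hunk the merged test keeps `ssl->in_msgtype` ahead of `ssl->in_msg[0]`, so evaluation order is unchanged, though it is still worth confirming that ssl_read_record() guarantees at least one payload byte before `in_msg[0]` is read. The body of ssl_parse_certificate_verify() starts and ends outside both hunks.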