yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Introduce CRT counter to CRT chain parsing function

Browse source 
So far, we've used the `peer_cert` pointer to detect whether
we're parsing the first CRT, but that will soon be removed
if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is unset.
This commit is contained in:
Hanno Becker 2019-02-05 12:38:45 +00:00
parent 1294a0b260
commit a028c5bbd8
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_tls.c
View file

@ -5757,7 +5757,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
*/
static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
{
int ret;
int ret, crt_cnt=0;
size_t i, n;
uint8_t alert;
@ -5884,7 +5884,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
}
/* Check if we're handling the first CRT in the chain. */
if( ssl->session_negotiate->peer_cert == NULL )
if( crt_cnt++ == 0 )
{
/* During client-side renegotiation, check that the server's
* end-CRTs hasn't changed compared to the initial handshake,