diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b3e50a64e..f012fb6a8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5775,14 +5775,14 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) { +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if( session->peer_cert != NULL ) { mbedtls_x509_crt_free( session->peer_cert ); mbedtls_free( session->peer_cert ); session->peer_cert = NULL; } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +#else if( session->peer_cert_digest != NULL ) { /* Zeroization is not necessary. */ @@ -5791,7 +5791,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) session->peer_cert_digest_type = MBEDTLS_MD_NONE; session->peer_cert_digest_len = 0; } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } /*