mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 09:15:35 +00:00
use_srtp extension shall not interfere in the handshake settings
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
This commit is contained in:
parent
d576fdb1d6
commit
4f099264b5
|
@ -3055,39 +3055,14 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
|
||||
authmode = ssl->handshake->sni_authmode;
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/*
|
||||
* check if we have a chosen srtp protection profile,
|
||||
* force verify mode to be at least OPTIONAL
|
||||
*/
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE &&
|
||||
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
{
|
||||
authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
authmode = ssl->conf->authmode;
|
||||
|
||||
if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
|
||||
authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
else
|
||||
{
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||
return( 0 );
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
}
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -2088,21 +2088,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
/* check if we have a chosen srtp protection profile */
|
||||
if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
else
|
||||
{
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
}
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
|
@ -2727,22 +2715,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
|
||||
? ssl->handshake->sni_authmode
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
: ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
|
||||
MBEDTLS_SRTP_UNSET_PROFILE
|
||||
&& ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE
|
||||
? MBEDTLS_SSL_VERIFY_OPTIONAL
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
: ssl->conf->authmode;
|
||||
#else
|
||||
const int authmode =
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
|
||||
MBEDTLS_SRTP_UNSET_PROFILE &&
|
||||
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ?
|
||||
MBEDTLS_SSL_VERIFY_OPTIONAL :
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
ssl->conf->authmode;
|
||||
const int authmode = ssl->conf->authmode;
|
||||
#endif
|
||||
void *rs_ctx = NULL;
|
||||
mbedtls_x509_crt *chain = NULL;
|
||||
|
|
Loading…
Reference in a new issue