diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 40d597569..fff5e9d8f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6189,14 +6189,14 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) { +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if( session->peer_cert != NULL ) { mbedtls_x509_crt_free( session->peer_cert ); mbedtls_free( session->peer_cert ); session->peer_cert = NULL; } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +#else if( session->peer_cert_digest != NULL ) { /* Zeroization is not necessary. */ @@ -6205,7 +6205,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) session->peer_cert_digest_type = MBEDTLS_MD_NONE; session->peer_cert_digest_len = 0; } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } /*