Add compile-guard for < TLS1.2 path in server-side ssl_pick_cert()

Minor code-size optimization along the way.
2025-02-25 20:46:57 +00:00 · 2019-02-26 16:48:55 +00:00 · 2019-02-26 16:48:55 +00:00 · 828a8c08b6
parent c69c4465b6
commit 828a8c08b6
1 changed files with 5 additions and 0 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -862,6 +862,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
            continue;
        }

+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
        /*
         * Try to select a SHA-1 certificate for pre-1.2 clients, but still
         * present them a SHA-higher cert rather than failing if it's the only
@ -890,6 +892,9 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
                continue;
            }
        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1   ||
+          MBEDTLS_SSL_PROTO_TLS1_1 ||
+          MBEDTLS_SSL_PROTO_SSL3 */

        /* If we get there, we got a winner */
        break;