Correct compile-time guards for ssl_clear_peer_cert()
The function is used in `mbedtls_ssl_session_free()` under `MBEDTLS_X509_CRT_PARSE_C`, but is defined only if `MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED` is set. Issue #2422 tracks the use of `MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED` instead of `MBEDTLS_X509_CRT_PARSE_C` for code and fields related to CRT-based ciphersuites.
parent
e31505d64e
commit
b9d4479080
|
@ -5570,6 +5570,29 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
|
if( session->peer_cert != NULL )
|
||||||
|
{
|
||||||
|
mbedtls_x509_crt_free( session->peer_cert );
|
||||||
|
mbedtls_free( session->peer_cert );
|
||||||
|
session->peer_cert = NULL;
|
||||||
|
}
|
||||||
|
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
if( session->peer_cert_digest != NULL )
|
||||||
|
{
|
||||||
|
/* Zeroization is not necessary. */
|
||||||
|
mbedtls_free( session->peer_cert_digest );
|
||||||
|
session->peer_cert_digest = NULL;
|
||||||
|
session->peer_cert_digest_type = MBEDTLS_MD_NONE;
|
||||||
|
session->peer_cert_digest_len = 0;
|
||||||
|
}
|
||||||
|
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handshake functions
|
* Handshake functions
|
||||||
*/
|
*/
|
||||||
|
@ -5773,27 +5796,6 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
|
|
||||||
{
|
|
||||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
|
||||||
if( session->peer_cert != NULL )
|
|
||||||
{
|
|
||||||
mbedtls_x509_crt_free( session->peer_cert );
|
|
||||||
mbedtls_free( session->peer_cert );
|
|
||||||
session->peer_cert = NULL;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
if( session->peer_cert_digest != NULL )
|
|
||||||
{
|
|
||||||
/* Zeroization is not necessary. */
|
|
||||||
mbedtls_free( session->peer_cert_digest );
|
|
||||||
session->peer_cert_digest = NULL;
|
|
||||||
session->peer_cert_digest_type = MBEDTLS_MD_NONE;
|
|
||||||
session->peer_cert_digest_len = 0;
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Once the certificate message is read, parse it into a cert chain and
|
* Once the certificate message is read, parse it into a cert chain and
|
||||||
* perform basic checks, but leave actual verification to the caller
|
* perform basic checks, but leave actual verification to the caller
|
||||||
|
|
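Review bot: The relocated `ssl_clear_peer_cert()` in the first hunk has no header comment, although its contract is what keeps repeated cleanup safe: each branch frees the buffer and then resets the pointer to NULL, so a second call or a later `mbedtls_ssl_session_free()` does not free it twice. I would add `/* Free the peer certificate (or its digest) stored in the session and reset the related fields; safe to call more than once. */` above the definition. The inner comment would be more useful with its reason, e.g. `/* Zeroization is not necessary: the buffer holds a digest of the peer's certificate, not secret data. */`, assuming that is the intended rationale. The function dereferences `session` without a NULL check, so the callers, which are outside this page, are presumed to guarantee a valid pointer.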