From 8794fd927c248faa4142c11286f88c4e97fbade2 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 5 Feb 2019 12:38:45 +0000
Subject: [PATCH] Introduce CRT counter to CRT chain parsing function

So far, we've used the `peer_cert` pointer to detect whether we're parsing the first CRT, but that will soon be removed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is unset.
---
 library/ssl_tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e06ce999cc..94184659de 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6171,7 +6171,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
 */
 static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
 {
- int ret;
+ int ret, crt_cnt=0;
 size_t i, n;
 uint8_t alert;
 
@@ -6298,7 +6298,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
 }
 
 /* Check if we're handling the first CRT in the chain. */
- if( ssl->session_negotiate->peer_cert == NULL )
+ if( crt_cnt++ == 0 )
 {
 /* During client-side renegotiation, check that the server's
 * end-CRTs hasn't changed compared to the initial handshake,
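Review bot: In the first hunk, `int ret, crt_cnt=0;` folds the new counter into the existing declaration and drops the spaces around `=`, which is out of step with the neighbouring declarations (`size_t i, n;`, `uint8_t alert;` each on their own line) and with the spaced `crt_cnt++ == 0` in the second hunk; I'd declare it separately as `int crt_cnt = 0;`, or as `size_t crt_cnt = 0;` to match the loop indices and rule out signed overflow in principle, although a chain bounded by the handshake message length cannot realistically reach INT_MAX. The `crt_cnt++ == 0` test in the second hunk now means "first iteration of the parse loop" rather than "no peer certificate stored yet", and the two coincide only if nothing between the loop head and this check can skip an iteration without storing the certificate, which is not visible in the hunks; a short comment at the declaration, `/* Number of CRTs already consumed from the chain; 0 marks the end-entity CRT. */`, would make that intent explicit for the next reader. ssl_parse_certificate_chain begins in the first hunk and its parse loop and return path lie outside both hunks.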