ssl: replace usage of mbedtls_pk_can_do() with mbedtls_pk_get_key_type()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-20 11:11:08 +01:00 · 2025-12-02 09:33:33 +01:00
parent 1de094fb32
commit 902467d62f
1 changed files with 4 additions and 2 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5605,13 +5605,15 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 */
 unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
 {
+    psa_key_type_t key_type = mbedtls_pk_get_key_type(pk);
+
 #if defined(MBEDTLS_RSA_C)
-    if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) {
+    if (PSA_KEY_TYPE_IS_RSA(key_type)) {
        return MBEDTLS_SSL_SIG_RSA;
    }
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
-    if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
+    if (PSA_KEY_TYPE_IS_ECC(key_type)) {
        return MBEDTLS_SSL_SIG_ECDSA;
    }
 #endif