ssl: replace remaining occurrence of pk_can_do with pk_get_key_type

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-20 19:21:09 +01:00 · 2025-12-05 15:57:39 +01:00
parent 9eb5b2a146
commit d8f0b37d1a
1 changed files with 1 additions and 1 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8782,7 +8782,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
    if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
-        mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) {
+        PSA_KEY_TYPE_IS_ECC(mbedtls_pk_get_type(&chain->pk))) {
        if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) {
            MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
            ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;