mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
624fc2e0de
When we are doing PSK, we'd like to set verify_result to MBEDTLS_X509_BADCERT_SKIP_VERIFY. Previously this was done in mbedtls_ssl_set_hs_psk() but this is inadequate since this function may be called for early data (where certificate verification happens later in the handshake. Instead, set this value after writing / processing the encrypted extensions on the server / client respectively, so that we know whether we are doing certificate verification or not for sure. This change is effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in ssl_parse_certificate_coordinate(). Signed-off-by: David Horstmann <david.horstmann@arm.com>
105 KiB
105 KiB