From 8671e7b9f7bea77db5f3bd7dd7705002a28b1781 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 16 Aug 2019 09:55:15 +0100
Subject: [PATCH] Remove redundant SHA-1 code-path in TLS-1.2 handling of CrtVrfy

SHA-1 is no longer offered nor accepted for the client's CertificateVerify message in TLS 1.2. See 0a64170.
---
 library/ssl_srv.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 39edd834d..b058e7c81 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4539,11 +4539,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 goto exit;
 }
-#if !defined(MBEDTLS_MD_SHA1)
- if( MBEDTLS_MD_SHA1 == md_alg )
- hash_start += 16;
-#endif
-
 /* Info from md_alg will be used instead */
 hashlen = 0;