Remove redundant SHA-1 code-path in TLS-1.2 handling of CrtVrfy

SHA-1 is no longer offered nor accepted for the client's CertificateVerify message in TLS 1.2. See 0a64170.
2024-11-26 11:35:38 +01:00 · 2019-08-16 09:55:15 +01:00 · 2019-08-16 09:55:15 +01:00 · 8671e7b9f7
commit 8671e7b9f7
parent 2f41b248c1
1 changed files with 0 additions and 5 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -4539,11 +4539,6 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
            goto exit;
        }

-#if !defined(MBEDTLS_MD_SHA1)
-        if( MBEDTLS_MD_SHA1 == md_alg )
-            hash_start += 16;
-#endif
-
        /* Info from md_alg will be used instead */
        hashlen = 0;