yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 12:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Re-classify errors on missing peer CRT

Browse Source 
mbedtls_ssl_parse_certificate() will fail if a ciphersuite requires
a certificate, but none is provided. While it is sensible to double-
check this, failure should be reported as an internal error and not
as an unexpected message.
This commit is contained in:
Hanno Becker 2019-02-06 17:37:32 +00:00
parent a177b38618
commit f02d5501d8
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
library/ssl_cli.c
View File

@ -2315,8 +2315,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
if( ssl->session_negotiate->peer_cert == NULL ) if( ssl->session_negotiate->peer_cert == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); /* Should never happen */
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
/* /*
@ -2427,8 +2427,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
if( ssl->session_negotiate->peer_cert == NULL ) if( ssl->session_negotiate->peer_cert == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); /* Should never happen */
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
@ -2749,10 +2749,8 @@ start_processing:
if( ssl->session_negotiate->peer_cert == NULL ) if( ssl->session_negotiate->peer_cert == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) ); /* Should never happen */
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
} }
/* /*