From: Michael Brown <mcb30@etherboot.org>
Date: Mon, 30 Jul 2007 02:30:27 +0000 (+0100)
Subject: tls_change_cipher() can complain about null cipher and digest
X-Git-Tag: v0.9.3~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=847ac4f3363ebdc4e2eb4fa462a09443256a1c38;p=thirdparty%2Fipxe.git

tls_change_cipher() can complain about null cipher and digest
algorithms; we only need the pubkey check disabled (and only because
pubkey algorithms are not yet integrated into the crypto_algorithm
subsystem).
---

diff --git a/src/net/tls.c b/src/net/tls.c
index dcdb66014..64e44b55d 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -498,16 +498,14 @@ static int tls_change_cipher ( struct tls_session *tls,
 			       struct tls_cipherspec *pending,
 			       struct tls_cipherspec *active ) {
 
-	/* FIXME: Why is this disabled? */
-#if 0
 	/* Sanity check */
-	if ( ( pending->pubkey == &crypto_null ) ||
+	if ( /* FIXME (when pubkey is not hard-coded to RSA):
+	      * ( pending->pubkey == &crypto_null ) || */
 	     ( pending->cipher == &crypto_null ) ||
 	     ( pending->digest == &crypto_null ) ) {
 		DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
 		return -ENOTSUP;
 	}
-#endif
 
 	tls_clear_cipher ( tls, active );
 	memswap ( active, pending, sizeof ( *active ) );