]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a74852)
handshake: remove unnecessary HSK_CRT_SENT flag
authorDaiki Ueno <dueno@redhat.com>
Mon, 1 Apr 2019 12:14:12 +0000 (14:14 +0200)
committerDaiki Ueno <dueno@redhat.com>
Wed, 3 Apr 2019 15:13:54 +0000 (17:13 +0200)
Previously, while the flag HSK_CRT_SENT was checked in
_gnutls13_send_certificate_verify, the flag was never set anywhere.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
lib/gnutls_int.h patch | blob | blame | history
lib/tls13/certificate_verify.c patch | blob | blame | history

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index f5c89c18cfd4818b8a51f6dce701faae111a7872..72d6c066b67b78a1a5bd36edc8637d725858cdff 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1320,7 +1320,6 @@ typedef struct {
 #define HSK_PSK_KE_MODES_RECEIVED (HSK_PSK_KE_MODE_PSK|HSK_PSK_KE_MODE_DHE_PSK|HSK_PSK_KE_MODE_INVALID)
 
 #define HSK_CRT_VRFY_EXPECTED 1
-#define HSK_CRT_SENT (1<<1)
 #define HSK_CRT_ASKED (1<<2)
 #define HSK_HRR_SENT (1<<3)
 #define HSK_HRR_RECEIVED (1<<4)
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index 72b4488115c97a1c906ca8c45911eebcdd6eec66..55245f2efd0ff050441c738098ec71d9215cc320 100644 (file)
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -179,11 +179,11 @@ int _gnutls13_send_certificate_verify(gnutls_session_t session, unsigned again)
                        if (server) {
                                return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
                        } else {
-                               /* if we didn't get a cert request there will not be any */
-                               if (!(session->internals.hsk_flags & HSK_CRT_SENT))
-                                       return 0;
-                               else
-                                       return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+                               /* for client, this means either we
+                                * didn't get a cert request or we are
+                                * declining authentication; in either
+                                * case we don't send a cert verify */
+                               return 0;
                        }
                }
 
Mirror of https://gitlab.com/gnutls/gnutls.git