cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Assert presence of server certificate in Certificate writer

Browse Source 
The server-side `Certificate` handshake message writer checks
whether a certificate is present, and if not fails with:

```
   MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
```

This should never happen, since the library checks the presence
of a suitable certificate before picking a ciphersuite. It is
therefore more suitable to convert this check into an assertion,
and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2021-04-30 05:38:24 +01:00
parent 56ee9e5f14
commit 9cfe6e977d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_tls.c
View File

@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{ {
if( mbedtls_ssl_own_cert( ssl ) == NULL ) if( mbedtls_ssl_own_cert( ssl ) == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); /* Should never happen because we shouldn't have picked the
return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); * ciphersuite if we don't have a certificate. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
} }
#endif #endif