cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove peer CRT from mbedtls_ssl_session if new option is disabled

Browse Source
This commit is contained in:
Hanno Becker 2019-02-07 13:29:55 +00:00
parent 2a831a4ba7
commit abe6f66c00
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/mbedtls/ssl.h
View File

@ -818,14 +818,15 @@ struct mbedtls_ssl_session
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT /*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */ * changes during renegotiation, mitigating the triple handshake attack. */
unsigned char *peer_cert_digest; unsigned char *peer_cert_digest;
size_t peer_cert_digest_len; size_t peer_cert_digest_len;
mbedtls_md_type_t peer_cert_digest_type; mbedtls_md_type_t peer_cert_digest_type;
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
uint32_t verify_result; /*!< verification result */ uint32_t verify_result; /*!< verification result */