Merge pull request #5472 from yuhaoth/pr/move-client-auth

Move client_auth to handshake
2022-02-09 10:57:00 +01:00 · 2022-02-09 10:57:00 +01:00 · 62b49cd06a
commit 62b49cd06a
parent 9193f7d836 5c7d1cce97
4 changed files with 13 additions and 10 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1612,11 +1612,6 @@ struct mbedtls_ssl_context
    uint16_t MBEDTLS_PRIVATE(mtu);               /*!< path mtu, used to fragment outgoing messages */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

-    /*
-     * PKI layer
-     */
-    int MBEDTLS_PRIVATE(client_auth);                    /*!<  flag for client auth.   */
-
    /*
     * User settings
     */
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3137,12 +3137,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
    }

    ssl->state++;
-    ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+    ssl->handshake->client_auth =
+                    ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->client_auth ? "a" : "no" ) );
+                        ssl->handshake->client_auth ? "a" : "no" ) );

-    if( ssl->client_auth == 0 )
+    if( ssl->handshake->client_auth == 0 )
    {
        /* Current message is probably the ServerHelloDone */
        ssl->keep_current_message = 1;
@ -3794,7 +3795,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
        return( 0 );
    }

-    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
+    if( ssl->handshake->client_auth == 0 ||
+        mbedtls_ssl_own_cert( ssl ) == NULL )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
        ssl->state++;
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -775,6 +775,12 @@ struct mbedtls_ssl_handshake_params
                                * but can be overwritten by the HRR. */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

+#if defined(MBEDTLS_SSL_CLI_C)
+    uint8_t client_auth;       /*!< used to check if CertificateRequest has been
+                                    received from server side. If CertificateRequest
+                                    has been received, Certificate and CertificateVerify
+                                    should be sent to server */
+#endif /* MBEDTLS_SSL_CLI_C */
    /*
     * State-local variables used during the processing
     * of a specific handshake state.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1706,7 +1706,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_CLI_C)
    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
    {
-        if( ssl->client_auth == 0 )
+        if( ssl->handshake->client_auth == 0 )
        {
            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
            ssl->state++;