ssl: ignore CertificateRequest's content for real
- document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI.
This commit is contained in:
Manuel Pégourié-Gonnard
Simon Butcher
parent
56e9ae2bf2
commit
d1b7f2b8cf
3 changed files with 31 additions and 44 deletions
|
|
@ -1594,7 +1594,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
|
|||
* adequate, preference is given to the one set by the first
|
||||
* call to this function, then second, etc.
|
||||
*
|
||||
* \note On client, only the first call has any effect.
|
||||
* \note On client, only the first call has any effect. That is,
|
||||
* only one client certificate can be provisioned. The
|
||||
* server's preferences in its CertficateRequest message will
|
||||
* be ignored and our only cert will be sent regardless of
|
||||
* whether it matches those preferences - the server can then
|
||||
* decide what it wants to do with it.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param own_cert own public certificate chain
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue