Ignore ECJPAKE suite if not configured on server
This commit is contained in:
Manuel Pégourié-Gonnard
parent
c1b46d0242
commit
e511b4e7cb
2 changed files with 32 additions and 0 deletions
|
|
@ -707,6 +707,17 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
|
||||
"ecjpake not configured" ) );
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
|
||||
( ssl->handshake->curves == NULL ||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue