move client_auth to handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00 · 2022-01-28 11:05:58 +08:00 · fb28b88e26
commit fb28b88e26
parent 7ce0f2aa6b
4 changed files with 14 additions and 11 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1615,12 +1615,7 @@ struct mbedtls_ssl_context
    /*
     * PKI layer
     */
-#if defined(MBEDTLS_SSL_CLI_C)
-    int MBEDTLS_PRIVATE(client_auth);           /*!< used to check if CertificateRequest is
-                                                     received from server side. If
-                                                     CertificateReqeust is received, Certificate
-                                                     and CertificateVerify should be sent to server */
-#endif /* MBEDTLS_SSL_CLI_C */
+
    /*
     * User settings
     */
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3137,12 +3137,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
    }

    ssl->state++;
-    ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+    ssl->handshake->client_auth =
+                    ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->client_auth ? "a" : "no" ) );
+                        ssl->handshake->client_auth ? "a" : "no" ) );

-    if( ssl->client_auth == 0 )
+    if( ssl->handshake->client_auth == 0 )
    {
        /* Current message is probably the ServerHelloDone */
        ssl->keep_current_message = 1;
@ -3794,7 +3795,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
        return( 0 );
    }

-    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
+    if( ssl->handshake->client_auth == 0 ||
+        mbedtls_ssl_own_cert( ssl ) == NULL )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
        ssl->state++;
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -768,6 +768,12 @@ struct mbedtls_ssl_handshake_params
                                * but can be overwritten by the HRR. */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

+#if defined(MBEDTLS_SSL_CLI_C)
+    int client_auth;           /*!< used to check if CertificateRequest is received
+                                    from server side. If CertificateReqeust is
+                                    received, Certificate and CertificateVerify
+                                    should be sent to server */
+#endif /* MBEDTLS_SSL_CLI_C */
    /*
     * State-local variables used during the processing
     * of a specific handshake state.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1701,7 +1701,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_CLI_C)
    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
    {
-        if( ssl->client_auth == 0 )
+        if( ssl->handshake->client_auth == 0 )
        {
            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
            ssl->state++;