author | Christopher Patton <chrispatton@gmail.com> | 2018-07-17 11:36:36 -0700 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2019-01-04 19:29:33 +0000 |
commit | 9cde848bd1109f1a0a77d68b19732ed5535d6953 (patch) | |
tree | d8f55391cd66fa3fc4001d7eb11c9e5572de1060 /ssl/handshake_server.cc | |
parent | 1aaa7aa83c13d52043e1fe342d0df68cc91b7b0e (diff) | |
Use handshake parameters to decide if cert/key are available
Whether the host has a valid certificate or private key may depend on
the handshake parameters and not just its configuration. For example,
negotiating the delegated credential extension (see
https://tools.ietf.org/html/draft-ietf-tls-subcerts) requires an
alternate private key for the handshake.
Change-Id: I11cea1d11e731aa4018d980c010b8d8ebaa64c31
Reviewed-on: https://boringssl-review.googlesource.com/c/33664
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/handshake_server.cc')
-rw-r--r-- | ssl/handshake_server.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 1572096..15ba2b0 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -303,7 +303,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
 uint32_t mask_k = 0;
 uint32_t mask_a = 0;
- if (ssl_has_certificate(hs->config)) {
+ if (ssl_has_certificate(hs)) {
 mask_a |= ssl_cipher_auth_mask_for_key(hs->local_pubkey.get());
 if (EVP_PKEY_id(hs->local_pubkey.get()) == EVP_PKEY_RSA) {
 mask_k |= SSL_kRSA;
@@ -868,7 +868,7 @@ static enum ssl_hs_wait_t do_send_server_certificate(SSL_HANDSHAKE *hs) {
 ScopedCBB cbb;
 if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- if (!ssl_has_certificate(hs->config)) {
+ if (!ssl_has_certificate(hs)) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
 return ssl_hs_error;
 }
@@ -974,7 +974,7 @@ static enum ssl_hs_wait_t do_send_server_key_exchange(SSL_HANDSHAKE *hs) {
 // Add a signature.
 if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- if (!ssl_has_private_key(hs->config)) {
+ if (!ssl_has_private_key(hs)) {
 ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
 return ssl_hs_error;
 }
 |
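Review bot: In ssl_get_compatible_server_ciphers the guard now asks the handshake whether a certificate is available, but the lines it protects still derive `mask_a` and the `SSL_kRSA` bit from `hs->local_pubkey`. If `ssl_has_certificate(hs)` can return true for a credential selected from handshake parameters (the description names delegated credentials), it is worth confirming that `hs->local_pubkey` is always populated by this point and is the key that will actually authenticate the handshake; the helper is not visible here, so this is an assumption to check rather than a confirmed defect. A short comment on the guard would record the contract, for example `// |ssl_has_certificate| implies |hs->local_pubkey| is set for this handshake.` The function body starts and ends outside the hunk.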
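Review bot: The two failure branches guarded by the new calls report the problem differently. In do_send_server_certificate the missing-certificate branch queues `SSL_R_NO_CERTIFICATE_SET` but sends no alert on the visible lines, while in do_send_server_key_exchange (third hunk) the missing-key branch sends `SSL_AD_INTERNAL_ERROR` without queuing any error. Now that availability can depend on what was negotiated rather than only on static configuration, these branches are presumably easier to reach in production, and an empty error queue makes the key-exchange failure hard to diagnose from server logs. Consider adding `OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);` before the alert in the third hunk, and deciding whether the certificate branch should also alert the peer. Both function bodies continue outside their hunks.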