author | Hanno Becker <hanno.becker@arm.com> | 2019-02-07 13:29:55 +0000 |
---|---|---|
committer | Hanno Becker <hanno.becker@arm.com> | 2019-02-26 14:38:09 +0000 |
commit | abe6f66c00452dd314cfc3ca80c1136a420510cd (patch) | |
tree | 9e572bfda0e6956595b088a066b78eefbbfbfd5e | |
parent | 2a831a4ba7c1344ecd219e735adca1987e090154 (diff) | |
Remove peer CRT from mbedtls_ssl_session if new option is disabled
-rw-r--r-- | include/mbedtls/ssl.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6dcc43b..dad8ebd 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -818,14 +818,15 @@ struct mbedtls_ssl_session
 unsigned char master[48]; /*!< the master secret */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 /*! The digest of the peer's end-CRT. This must be kept to detect CRT
 * changes during renegotiation, mitigating the triple handshake attack. */
 unsigned char *peer_cert_digest;
 size_t peer_cert_digest_len;
 mbedtls_md_type_t peer_cert_digest_type;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 uint32_t verify_result; /*!< verification result */ |
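Review bot: In the new `#else` branch, `peer_cert_digest` is a raw pointer whose ownership is not stated, and `peer_cert_digest_len` and `peer_cert_digest_type` have no Doxygen comment, unlike the neighbouring fields. Because the renegotiation check depends on this digest, I would document each field, for example `unsigned char *peer_cert_digest; /*!< digest buffer; presumably owned by the session, confirm against session free/copy */`, plus a line each for the length in bytes and the hash algorithm used. The comparison should also be documented as covering type and length as well as the bytes, since a length or type mismatch must count as a changed certificate. With `peer_cert` now compiled out when `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled, the layout of this public struct depends on the option, so every remaining `peer_cert` access and every session copy, free or save path needs the matching guard. Those paths and the rest of `struct mbedtls_ssl_session` lie outside this hunk.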