Remove the certificate key check against the received signature
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6ddacba..22562a5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -337,27 +337,6 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
- * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
- */
-static int ssl_tls13_check_key_sigs( mbedtls_pk_context *pk,
- uint16_t *sig_alg )
-{
- mbedtls_pk_type_t pk_type;
- mbedtls_md_type_t md_alg;
-
- while( *sig_alg != MBEDTLS_TLS1_3_SIG_NONE )
- {
- mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
- *sig_alg, &pk_type, &md_alg );
- if( pk_type == mbedtls_pk_get_type(pk) )
- return( 0 );
- sig_alg++;
- }
-
- return( -1 );
-}
-
-/*
* Try picking a certificate for this ciphersuite,
* return 0 on success and -1 on failure.
*/
@@ -394,14 +373,6 @@
continue;
}
- if( ssl_tls13_check_key_sigs( &cur->cert->pk,
- ssl->handshake->received_sig_algs ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG(
- 3, ( "certificate key mismatch: received_sig_algs" ) );
- continue;
- }
-
break;
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c451708..7124c8f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5363,7 +5363,6 @@
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \