Remove dependency from SSL on PK internals
So far, with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled, the SSL module relied
on a undocumented feature of the PK module: that you can distinguish between
contexts that have been setup and context that haven't. This feature is going
to go away in the case of PK_SINGLE_TYPE, as we'll soon (as in: the next
commit does that) no longer be storing the (now two-valued) pk_info member.
Note even with this change, we could still distinguish if the context has been
set up by look if pk_ctx is NULL or not, but this is also going away in the
near future (a few more commits down the road), so not a good option either.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bfd659e..747b9f4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4454,15 +4454,10 @@
/* Skip if we haven't received a certificate from the client.
* If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is set, this can be
* inferred from the setting of mbedtls_ssl_session::peer_cert.
- * If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set, it can
- * be inferred from whether we've held back the peer CRT's
- * public key in mbedtls_ssl_handshake_params::peer_pubkey. */
+ * If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is not set, it is tracked in a
+ * specific variable. */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* Because the peer CRT pubkey is embedded into the handshake
- * params currently, and there's no 'is_init' functions for PK
- * contexts, we need to break the abstraction and peek into
- * the PK context to see if it has been initialized. */
- if( ssl->handshake->peer_pubkey.pk_info != MBEDTLS_PK_INVALID_HANDLE )
+ if( ssl->handshake->got_peer_pubkey )
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert != NULL )