Address review comments
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d9f1c4a..ba63848 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7309,7 +7309,6 @@
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
{
- ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
return( 0 );
}
@@ -7929,6 +7928,14 @@
int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
{
volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
+ ? ssl->handshake->sni_authmode
+ : mbedtls_ssl_conf_get_authmode( ssl->conf );
+#else
+ const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf );
+#endif
MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
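Review bot: The authmode selection added at the top of mbedtls_ssl_handshake_wrapup() looks like a second copy of the SNI-override rule that the certificate path uses to reach its `authmode == MBEDTLS_SSL_VERIFY_NONE` branch. That other derivation is not visible in this diff, so this is inferred from the first hunk's context. Because peer_authenticated is now set from this copy, any later divergence between the two could mark a peer as authenticated under a mode the certificate code did not treat as VERIFY_NONE. Consider a small static helper shared by both sites, or at least a comment here such as `/* Must stay identical to the authmode selection in the certificate parsing path. */`. The function body continues outside the hunk.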
@@ -7969,6 +7976,19 @@
}
#endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ {
+ if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+ {
+ ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
+ }
+ else
+ {
+ ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ goto cleanup;
+ }
+ }
+
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume )
{
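Review bot: The nested `if( authmode == MBEDTLS_SSL_VERIFY_NONE )` repeats the outer test on the same local, which the earlier hunk declares as a plain `const int`. A compiler may therefore fold the second comparison and drop the `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` branch as dead code, leaving a single check guarding the write to peer_authenticated. If the double check is meant as a fault-injection countermeasure, force a second read by declaring it `volatile const int authmode`, as `ret` already is in this function, or re-derive the mode in the inner test. The `cleanup` label targeted by the new `goto` lies outside the visible hunks, so confirm it does not depend on state that is set only later in the function.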
@@ -7982,7 +8002,7 @@
else
{
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- return( ret );
+ goto cleanup;
}
}
#endif