TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 58535da8d09ea178d44f6992a8b0771c076784a4^! / .
commit58535da8d09ea178d44f6992a8b0771c076784a4[log] [tgz]
authorGabor Mezei <gabor.mezei@arm.com>Mon Mar 03 15:43:50 2025 +0100
committerGabor Mezei <gabor.mezei@arm.com>Thu Mar 20 17:53:07 2025 +0100
tree4c33904c98493c9d03b02df1d40ef296e00bb07c
parent3ead04a12dd70107c2e3e57e238c648045f52934 [diff]
Only check for certificates if it is supported

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 542d1f0..fb88cf2 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -654,6 +654,7 @@
  * Try picking a certificate for this ciphersuite,
  * return 0 on success and -1 on failure.
  */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_pick_cert(mbedtls_ssl_context *ssl,
                          const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
@@ -744,6 +745,8 @@
 
     return -1;
 }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /*
@@ -806,6 +809,8 @@
     }
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     /*
      * Final check: if ciphersuite requires us to have a
@@ -821,7 +826,6 @@
     }
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     /* If the ciphersuite requires signing, check whether
      * a suitable hash algorithm is present. */
     sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);

diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 6c7eed5..354e97e 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c

@@ -315,6 +315,7 @@
 };
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
  *  for more info.
@@ -352,7 +353,6 @@
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 static void mbedtls_print_supported_sig_algs(void)
 {
     mbedtls_printf("supported signature algorithms:\n");