commit 9659dae04642e22f3470b61b4dba39a4506cc6ba
author Paul Bakker <p.j.bakker@polarssl.org> Wed Aug 28 16:21:34 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Aug 28 16:21:34 2013 +0200
tree 666d903834ac740da133d8cc1b410fe98a93e883
parent c852a68b9638f5a9f0ce5eca0ea97df400ddb626

Some extra code defined out

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 18094a3..0fccf34 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1362,19 +1362,19 @@
     {
         params_len = p - ( ssl->in_msg + 4 );
 
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
         /*
          * Handle the digitally-signed structure
          */
-        if( ssl_parse_signature_algorithm( ssl, &p, end,
-                                           &md_alg, &pk_alg ) != 0 )
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
         {
-            SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
+            if( ssl_parse_signature_algorithm( ssl, &p, end,
+                                               &md_alg, &pk_alg ) != 0 )
+            {
+                SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+                return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+            }
 
-        if( pk_alg != POLARSSL_PK_NONE )
-        {
             if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
             {
                 SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
@@ -1383,13 +1383,22 @@
         }
         else
 #endif
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+    defined(POLARSSL_SSL_PROTO_TLS1_1)
+        if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
         {
             pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-        }
 
-        /* Default hash for ECDSA is SHA-1 */
-        if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE )
-            md_alg = POLARSSL_MD_SHA1;
+            /* Default hash for ECDSA is SHA-1 */
+            if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE )
+                md_alg = POLARSSL_MD_SHA1;
+        }
+        else
+#endif
+        {
+            SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
 
         /*
          * Read signature
@@ -1443,6 +1452,8 @@
         else
 #endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
           POLARSSL_SSL_PROTO_TLS1_1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+    defined(POLARSSL_SSL_PROTO_TLS1_2)
         if( md_alg != POLARSSL_MD_NONE )
         {
             md_context_t ctx;
@@ -1470,6 +1481,8 @@
             md_free_ctx( &ctx );
         }
         else
+#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
+          POLARSSL_SSL_PROTO_TLS1_2 */
         {
             SSL_DEBUG_MSG( 1, ( "should never happen" ) );
             return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );