Remove peer CRT from mbedtls_ssl_session if new option is disabled

commit: abe6f66c00452dd314cfc3ca80c1136a420510cd [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Feb 07 13:29:55 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Tue Feb 26 14:38:09 2019 +0000
tree: 9e572bfda0e6956595b088a066b78eefbbfbfd5e
parent: 2a831a4ba7c1344ecd219e735adca1987e090154 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6dcc43b..dad8ebd 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -818,14 +818,15 @@
     unsigned char master[48];   /*!< the master secret  */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     mbedtls_x509_crt *peer_cert;       /*!< peer X.509 cert chain */
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     /*! The digest of the peer's end-CRT. This must be kept to detect CRT
      *  changes during renegotiation, mitigating the triple handshake attack. */
     unsigned char *peer_cert_digest;
     size_t peer_cert_digest_len;
     mbedtls_md_type_t peer_cert_digest_type;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
     uint32_t verify_result;          /*!<  verification result     */
commit	abe6f66c00452dd314cfc3ca80c1136a420510cd	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Feb 07 13:29:55 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Tue Feb 26 14:38:09 2019 +0000
tree	9e572bfda0e6956595b088a066b78eefbbfbfd5e
parent	2a831a4ba7c1344ecd219e735adca1987e090154 [diff] [blame]