From 51a0bfd9bc07a549368eb0b87f79291fb96ae4e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 31 Jul 2019 10:40:26 +0200
Subject: [PATCH] Fix bug in cert digest serialisation

This bug was present since cert digest had been introduced, which highlights the need for testing. While at it, fix a bug in the comment explaining the format - this was introduced by me copy-pasting to hastily from current baremetal, that has a different format (see next PR in the series for the same in development).
---
 library/ssl_tls.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8342a3ee6d..db09bf8ee5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9849,8 +9849,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 * opaque session_struct[n]; // n = sizeof(mbedtls_ssl_session)
 * select (MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) {
 * case enabled: opaque peer_cert<0..2^24-1>; // length 0 means no cert
- * case disabled: uint8_t peer_cert_digest_type;
- * opaque peer_cert_digest<0..2^8-1>;
+ * case disabled: opaque peer_cert_digest<0..2^8-1>;
 * }
 * opaque ticket<0..2^24-1>; // 0 means no ticket
 *
@@ -9910,7 +9909,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
 }
 }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
- if( session->peer_cert_digest != NULL )
+ if( session->peer_cert_digest == NULL )
 cert_digest_len = 0;
 else
 cert_digest_len = session->peer_cert_digest_len;
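Review bot: In the second hunk (mbedtls_ssl_session_save, the `#else` branch), `cert_digest_len = session->peer_cert_digest_len;` takes the length unchecked, while the format comment in the first hunk declares `opaque peer_cert_digest<0..2^8-1>`, i.e. a one-byte length prefix. If the code after the hunk writes that length as a single byte, a value above 255 would be truncated and the stored prefix would no longer match the bytes copied. I would reject it first with `if( session->peer_cert_digest_len > 0xFF ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, or add a comment above the assignment stating why the digest length always fits in one byte. The function body starts and ends outside the hunk, so the write itself is not visible here. The commit message itself says the inverted test went unnoticed for lack of testing; a save/load round trip built without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE would pin this branch.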