Fix bug in cert digest serialisation

This bug was present since cert digest had been introduced, which highlights the need for testing. While at it, fix a bug in the comment explaining the format - this was introduced by me copy-pasting to hastily from current baremetal, that has a different format (see next PR in the series for the same in development).
2025-11-03 20:33:16 +03:00 · 2019-07-31 10:40:26 +02:00
parent 686adb4d54
commit 51a0bfd9bc
1 changed files with 2 additions and 3 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9849,8 +9849,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 *  opaque session_struct[n];       // n = sizeof(mbedtls_ssl_session)
 *  select (MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) {
 *      case enabled:  opaque peer_cert<0..2^24-1>; // length 0 means no cert
- *      case disabled: uint8_t peer_cert_digest_type;
- *                     opaque peer_cert_digest<0..2^8-1>;
+ *      case disabled: opaque peer_cert_digest<0..2^8-1>;
 *  }
 *  opaque ticket<0..2^24-1>;       // 0 means no ticket
 *
@@ -9910,7 +9909,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
        }
    }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( session->peer_cert_digest != NULL )
+    if( session->peer_cert_digest == NULL )
        cert_digest_len = 0;
    else
        cert_digest_len = session->peer_cert_digest_len;