mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
ssl: ignore CertificateRequest's content for real
- document why we made that choice - remove the two TODOs about checking hash and CA - remove the code that parsed certificate_type: it did nothing except store the selected type in handshake->cert_type, but that field was never accessed afterwards. Since handshake_params is now an internal type, we can remove that field without breaking the ABI.
This commit is contained in:
Manuel Pégourié-Gonnard
committed by
Simon Butcher
Simon Butcher
parent
56e9ae2bf2
commit
d1b7f2b8cf
@ -1594,7 +1594,12 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
|
||||
* adequate, preference is given to the one set by the first
|
||||
* call to this function, then second, etc.
|
||||
*
|
||||
* \note On client, only the first call has any effect.
|
||||
* \note On client, only the first call has any effect. That is,
|
||||
* only one client certificate can be provisioned. The
|
||||
* server's preferences in its CertficateRequest message will
|
||||
* be ignored and our only cert will be sent regardless of
|
||||
* whether it matches those preferences - the server can then
|
||||
* decide what it wants to do with it.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param own_cert own public certificate chain
|
||||
|
||||
Reference in New Issue
Block a user