commit 4f099264b5a7848289af3a2c3dab11bc6da15115
author Johan Pascal <johan.pascal@belledonne-communications.com> Tue Sep 22 10:59:26 2020 +0200
committer Johan Pascal <johan.pascal@belledonne-communications.com> Thu Oct 29 01:14:49 2020 +0100
tree 2ea2e67dbb09b975bf8d72046fea572a8e83a032
parent d576fdb1d63a3e2b315362710d08b5439747a9a6

use_srtp extension shall not interfere in the handshake settings

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e151ffe..f774b40 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3056,38 +3056,13 @@
         authmode = ssl->handshake->sni_authmode;
     else
 #endif
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-    /*
-     * check if we have a chosen srtp protection profile,
-     * force verify mode to be at least OPTIONAL
-     */
-    if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE &&
-         ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
-        authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-    }
-    else
-#endif
         authmode = ssl->conf->authmode;
 
     if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ||
         authmode == MBEDTLS_SSL_VERIFY_NONE )
     {
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-        /* check if we have a chosen srtp protection profile */
-        if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-        }
-        else
-        {
-#endif
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
-            return( 0 );
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-        }
-#endif
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+        return( 0 );
     }
 
     /*

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 696eb85..6b08445 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2088,21 +2088,9 @@
 
     if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) )
     {
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-        /* check if we have a chosen srtp protection profile */
-        if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE )
-        {
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-        else
-        {
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
-            ssl->state++;
-            return( 0 );
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-        }
-#endif
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+        ssl->state++;
+        return( 0 );
     }
 
 #if defined(MBEDTLS_SSL_CLI_C)
@@ -2727,22 +2715,9 @@
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
                        ? ssl->handshake->sni_authmode
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-                       : ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
-                               MBEDTLS_SRTP_UNSET_PROFILE
-                       && ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE
-                       ? MBEDTLS_SSL_VERIFY_OPTIONAL
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
                        : ssl->conf->authmode;
 #else
-    const int authmode =
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-            ssl->dtls_srtp_info.chosen_dtls_srtp_profile !=
-                                           MBEDTLS_SRTP_UNSET_PROFILE &&
-            ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ?
-            MBEDTLS_SSL_VERIFY_OPTIONAL :
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-            ssl->conf->authmode;
+    const int authmode = ssl->conf->authmode;
 #endif
     void *rs_ctx = NULL;
     mbedtls_x509_crt *chain = NULL;