commit 51a0bfd9bc07a549368eb0b87f79291fb96ae4e8
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Jul 31 10:40:26 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Fri Aug 23 12:48:41 2019 +0300
tree d0a7f59ab1dee5cb0db3a3a5c47fe7cd23bfd1c6
parent 686adb4d54a4eb352350862788d5a95505fc275d

Fix bug in cert digest serialisation

This bug was present since cert digest had been introduced, which highlights
the need for testing.

While at it, fix a bug in the comment explaining the format - this was
introduced by me copy-pasting to hastily from current baremetal, that has a
different format (see next PR in the series for the same in development).

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8342a3e..db09bf8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9849,8 +9849,7 @@
  *  opaque session_struct[n];       // n = sizeof(mbedtls_ssl_session)
  *  select (MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) {
  *      case enabled:  opaque peer_cert<0..2^24-1>; // length 0 means no cert
- *      case disabled: uint8_t peer_cert_digest_type;
- *                     opaque peer_cert_digest<0..2^8-1>;
+ *      case disabled: opaque peer_cert_digest<0..2^8-1>;
  *  }
  *  opaque ticket<0..2^24-1>;       // 0 means no ticket
  *
@@ -9910,7 +9909,7 @@
         }
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( session->peer_cert_digest != NULL )
+    if( session->peer_cert_digest == NULL )
         cert_digest_len = 0;
     else
         cert_digest_len = session->peer_cert_digest_len;