Google Git
Sign in
pigweed/third_party/github/ARMmbed/mbedtls/a887d1a5b6e71e1a080b1944474692cb622dd20e^!/./library/ssl_cache.c
commit
a887d1a5b6e71e1a080b1944474692cb622dd20e
[log]
author
Hanno Becker <hanno.becker@arm.com>
Wed Feb 06 15:57:49 2019 +0000
committer
Hanno Becker <hanno.becker@arm.com>
Tue Feb 26 14:38:09 2019 +0000
tree
4ad00be8f45cb1e1d0b45232f54996ac195b1285
parent
c966bd16beb036a2c73b685aed16e82c197ebab6 [diff] [blame]
Remove peer CRT from cache if !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index f542594..62a0a29 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c

@@ -100,7 +100,8 @@
             goto exit;
         }
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         /*
          * Restore peer certificate (without rest of the original chain)
          */
@@ -127,7 +128,7 @@
                 goto exit;
             }
         }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         ret = 0;
         goto exit;
@@ -247,7 +248,8 @@
 #endif
     }
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /*
      * If we're reusing an entry, free its certificate first
      */
@@ -256,7 +258,7 @@
         mbedtls_free( cur->peer_cert.p );
         memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
     }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     /* Copy the entire session; this temporarily makes a copy of the
      * X.509 CRT structure even though we only want to store the raw CRT.
@@ -270,7 +272,8 @@
         goto exit;
     }
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /* If present, free the X.509 structure and only store the raw CRT data. */
     if( cur->session.peer_cert != NULL )
     {
@@ -291,7 +294,7 @@
         mbedtls_free( cur->session.peer_cert );
         cur->session.peer_cert = NULL;
     }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     ret = 0;
 
@@ -333,9 +336,10 @@
 
         mbedtls_ssl_session_free( &prv->session );
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
         mbedtls_free( prv->peer_cert.p );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
         mbedtls_free( prv );
     }