Remove dependency from SSL on PK internals

So far, with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled, the SSL module relied on a undocumented feature of the PK module: that you can distinguish between contexts that have been setup and context that haven't. This feature is going to go away in the case of PK_SINGLE_TYPE, as we'll soon (as in: the next commit does that) no longer be storing the (now two-valued) pk_info member. Note even with this change, we could still distinguish if the context has been set up by look if pk_ctx is NULL or not, but this is also going away in the near future (a few more commits down the road), so not a good option either.
2026-04-20 22:05:15 +00:00 · 2019-09-19 10:45:14 +02:00 · 2019-09-19 10:45:14 +02:00 · 2829bbf59b
commit 2829bbf59b
parent 4223ce4fca
4 changed files with 8 additions and 16 deletions
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -382,9 +382,9 @@ struct mbedtls_ssl_sig_hash_set_t
 */
 struct mbedtls_ssl_handshake_params
 {
-    /*
-     * Handshake specific crypto variables
-     */
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    uint8_t got_peer_pubkey;            /*!< Did we store the peer's public key from its certificate? */
+#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
                                              Srv: flag for sending a cookie */