Abandon client auth hashing earlier

Dirkjan Ochtman 2021-03-07 23:14:01 +01:00
parent 5cc6c45261
commit 293f414089
3 changed files with 13 additions and 7 deletions


@ -173,4 +173,8 @@ impl ClientAuthDetails {
None => (None, None),
}
}
pub fn is_enabled(&self) -> bool {
self.0.is_some()
}
}
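Review bot: `is_enabled` is a public method with no doc comment, and it tests only tuple field `0`, although the callers added in this commit use its result to decide whether the client-auth transcript buffer is discarded. The visible `None => (None, None)` arm sets both fields together, but the other arm of the constructor is outside this hunk, so it is worth confirming that field `0` being set always implies a signer is present. If the two could diverge, `emit_certverify` would decide on the signer while the transcript was kept or abandoned on a different condition. A doc comment such as `/// Returns true when client-auth material was resolved; callers abandon the client-auth transcript buffer when this is false.` would record that contract.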


@ -284,13 +284,7 @@ fn emit_certverify(
sess: &mut ClientSessionImpl,
) -> Result<(), TLSError> {
let signer = match signer {
None => {
trace!("Not sending CertificateVerify, no key");
handshake
.transcript
.abandon_client_auth();
return Ok(());
},
None => return Ok(()),
Some(signer) => {
signer
}
@ -393,6 +387,10 @@ impl hs::State for ExpectCertificateRequest {
.resolve(&canames, &certreq.sigschemes);
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &certreq.sigschemes);
if !client_auth.is_enabled() {
self.handshake.transcript.abandon_client_auth();
}
Ok(Box::new(ExpectServerDone {
handshake: self.handshake,
suite: self.suite,
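Review bot: The `None => return Ok(())` arm in `emit_certverify` no longer calls `abandon_client_auth()`, so it now relies on every path that reaches it without a signer having already abandoned the client-auth transcript buffer. The check added in `ExpectCertificateRequest` (here and in the third file) covers a CertificateRequest with no matching key. The path where the server sends no CertificateRequest is not visible in these hunks and should be confirmed to abandon the buffer as well; otherwise the buffered handshake messages would presumably stay in memory longer than needed. A comment on the arm would record the invariant, e.g. `// no signer: the client-auth transcript buffer was already abandoned by the caller's state`, and the dropped `trace!("Not sending CertificateVerify, no key")` was a useful diagnostic that could move next to the new `abandon_client_auth()` calls. `emit_certverify` continues outside the hunk.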


@ -786,6 +786,10 @@ impl hs::State for ExpectCertificateRequest {
.resolve(&canames, &compat_sigschemes);
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &compat_sigschemes);
if !client_auth.is_enabled() {
self.handshake.transcript.abandon_client_auth();
}
Ok(Box::new(ExpectCertificate {
handshake: self.handshake,
key_schedule: self.key_schedule,