mirror of https://github.com/ctz/rustls
Abandon client auth hashing earlier
parent
5cc6c45261
commit
293f414089
|
@ -173,4 +173,8 @@ impl ClientAuthDetails {
|
||||||
None => (None, None),
|
None => (None, None),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn is_enabled(&self) -> bool {
|
||||||
|
self.0.is_some()
|
||||||
|
}
|
||||||
}
|
}
|
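Review bot: `is_enabled` is added as a public method with no doc comment, and `self.0.is_some()` alone does not say what "enabled" means. The later hunks use it to decide whether client-auth transcript hashing is abandoned, so its contract should be written down, for example `/// Returns true when a client certificate was resolved, so client auth will be attempted.` The field behind `.0` is declared outside this hunk, so confirm that wording against the struct definition before adopting it.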
||||||
|
|
|
@ -284,13 +284,7 @@ fn emit_certverify(
|
||||||
sess: &mut ClientSessionImpl,
|
sess: &mut ClientSessionImpl,
|
||||||
) -> Result<(), TLSError> {
|
) -> Result<(), TLSError> {
|
||||||
let signer = match signer {
|
let signer = match signer {
|
||||||
None => {
|
None => return Ok(()),
|
||||||
trace!("Not sending CertificateVerify, no key");
|
|
||||||
handshake
|
|
||||||
.transcript
|
|
||||||
.abandon_client_auth();
|
|
||||||
return Ok(());
|
|
||||||
},
|
|
||||||
Some(signer) => {
|
Some(signer) => {
|
||||||
signer
|
signer
|
||||||
}
|
}
|
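Review bot: The `None` arm of `emit_certverify` now returns `Ok(())` without calling `abandon_client_auth()`, so the function depends on an earlier handshake state having already abandoned the client-auth transcript. Only the two `ExpectCertificateRequest` handlers in this commit are shown doing that. Whether a path that never receives a CertificateRequest can reach this arm is not visible here and is worth checking. I would record the invariant at the arm, `// client-auth hashing was already abandoned when the CertificateRequest was handled`, and keep the removed `trace!("Not sending CertificateVerify, no key");` so the skipped message still shows up in handshake logs. The function body continues outside the hunk.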
||||||
|
@ -393,6 +387,10 @@ impl hs::State for ExpectCertificateRequest {
|
||||||
.resolve(&canames, &certreq.sigschemes);
|
.resolve(&canames, &certreq.sigschemes);
|
||||||
|
|
||||||
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &certreq.sigschemes);
|
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &certreq.sigschemes);
|
||||||
|
if !client_auth.is_enabled() {
|
||||||
|
self.handshake.transcript.abandon_client_auth();
|
||||||
|
}
|
||||||
|
|
||||||
Ok(Box::new(ExpectServerDone {
|
Ok(Box::new(ExpectServerDone {
|
||||||
handshake: self.handshake,
|
handshake: self.handshake,
|
||||||
suite: self.suite,
|
suite: self.suite,
|
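Review bot: The block `if !client_auth.is_enabled() { self.handshake.transcript.abandon_client_auth(); }` is added here and again, unchanged, in the hunk at -786. The rule therefore lives in two state handlers, and any future path that builds a `ClientAuthDetails` has to remember to repeat it. Neither copy says why the call belongs at this point, so I would add a comment above the check, `// No usable client credentials: no CertificateVerify will be signed, so stop client-auth hashing now.` That rationale is inferred from the commit title and should be confirmed against the transcript type, which is outside this diff. A small helper that takes the transcript and the `ClientAuthDetails` would also keep the two handlers from drifting apart.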
||||||
|
|
|
@ -786,6 +786,10 @@ impl hs::State for ExpectCertificateRequest {
|
||||||
.resolve(&canames, &compat_sigschemes);
|
.resolve(&canames, &compat_sigschemes);
|
||||||
|
|
||||||
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &compat_sigschemes);
|
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &compat_sigschemes);
|
||||||
|
if !client_auth.is_enabled() {
|
||||||
|
self.handshake.transcript.abandon_client_auth();
|
||||||
|
}
|
||||||
|
|
||||||
Ok(Box::new(ExpectCertificate {
|
Ok(Box::new(ExpectCertificate {
|
||||||
handshake: self.handshake,
|
handshake: self.handshake,
|
||||||
key_schedule: self.key_schedule,
|
key_schedule: self.key_schedule,
|
||||||
|
|