mirror of https://github.com/ctz/rustls
Abandon client auth hashing earlier
parent
5cc6c45261
commit
293f414089
|
@ -173,4 +173,8 @@ impl ClientAuthDetails {
|
|||
None => (None, None),
|
||||
}
|
||||
}
|
||||
|
||||
pub fn is_enabled(&self) -> bool {
|
||||
self.0.is_some()
|
||||
}
|
||||
}
|
||||
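Review bot: `is_enabled` tests only tuple field 0, while `emit_certverify` later in this commit branches on a signer, so the two agree only if the fields are always `Some` or `None` together. The visible `None => (None, None),` arm is consistent with that, but the `Some` arm of the constructor is outside the hunk, so the invariant is inferred rather than shown. The new callers use this method to decide when to drop the transcript's client-auth state, so a doc comment would pin the contract down: `/// True when a client certificate and signer were resolved; when false, callers abandon client-auth transcript hashing.` If the fields can ever diverge, checking the signer here as well would keep the abandon decision and the CertificateVerify path consistent.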
|
|
|
@ -284,13 +284,7 @@ fn emit_certverify(
|
|||
sess: &mut ClientSessionImpl,
|
||||
) -> Result<(), TLSError> {
|
||||
let signer = match signer {
|
||||
None => {
|
||||
trace!("Not sending CertificateVerify, no key");
|
||||
handshake
|
||||
.transcript
|
||||
.abandon_client_auth();
|
||||
return Ok(());
|
||||
},
|
||||
None => return Ok(()),
|
||||
Some(signer) => {
|
||||
signer
|
||||
}
|
||||
|
@ -393,6 +387,10 @@ impl hs::State for ExpectCertificateRequest {
|
|||
.resolve(&canames, &certreq.sigschemes);
|
||||
|
||||
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &certreq.sigschemes);
|
||||
if !client_auth.is_enabled() {
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
}
|
||||
|
||||
Ok(Box::new(ExpectServerDone {
|
||||
handshake: self.handshake,
|
||||
suite: self.suite,
|
||||
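Review bot: The `None => return Ok(()),` arm in `emit_certverify` now returns without logging or touching the transcript, so it relies on `abandon_client_auth()` having already run in the `ExpectCertificateRequest` handler changed in the later hunk of this file. A short comment on that arm would record the dependency, for example `// client-auth transcript state was already abandoned when the CertificateRequest was processed`. Any handshake path that reaches this function without going through that handler is not visible here and should be checked to abandon as well, otherwise the client-auth state would be kept for the rest of the handshake. Keeping the `trace!("Not sending CertificateVerify, no key");` line would also preserve a diagnostic that helps when debugging mutual-TLS failures. The function body starts and ends outside the hunk.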
|
|
|
@ -786,6 +786,10 @@ impl hs::State for ExpectCertificateRequest {
|
|||
.resolve(&canames, &compat_sigschemes);
|
||||
|
||||
let client_auth = ClientAuthDetails::from_key(maybe_certkey, &compat_sigschemes);
|
||||
if !client_auth.is_enabled() {
|
||||
self.handshake.transcript.abandon_client_auth();
|
||||
}
|
||||
|
||||
Ok(Box::new(ExpectCertificate {
|
||||
handshake: self.handshake,
|
||||
key_schedule: self.key_schedule,
|
||||
|
|