Remove dependency from SSL on PK internals
So far, with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled, the SSL module relied
on a undocumented feature of the PK module: that you can distinguish between
contexts that have been setup and context that haven't. This feature is going
to go away in the case of PK_SINGLE_TYPE, as we'll soon (as in: the next
commit does that) no longer be storing the (now two-valued) pk_info member.
Note even with this change, we could still distinguish if the context has been
set up by look if pk_ctx is NULL or not, but this is also going away in the
near future (a few more commits down the road), so not a good option either.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 79d5598..ebc2a63 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2379,11 +2379,7 @@
}
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- /* Because the peer CRT pubkey is embedded into the handshake
- * params currently, and there's no 'is_init' functions for PK
- * contexts, we need to break the abstraction and peek into
- * the PK context to see if it has been initialized. */
- if( ssl->handshake->peer_pubkey.pk_info != MBEDTLS_PK_INVALID_HANDLE )
+ if( ssl->handshake->got_peer_pubkey )
peer_pk = &ssl->handshake->peer_pubkey;
#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
if( ssl->session_negotiate->peer_cert != NULL )