Only check for certificates if it is supported Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

commit: 58535da8d09ea178d44f6992a8b0771c076784a4 [log] [tgz]
author: Gabor Mezei <gabor.mezei@arm.com> Mon Mar 03 15:43:50 2025 +0100
committer: Gabor Mezei <gabor.mezei@arm.com> Thu Mar 20 17:53:07 2025 +0100
tree: 4c33904c98493c9d03b02df1d40ef296e00bb07c
parent: 3ead04a12dd70107c2e3e57e238c648045f52934 [diff] [blame]
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 542d1f0..fb88cf2 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -654,6 +654,7 @@
  * Try picking a certificate for this ciphersuite,
  * return 0 on success and -1 on failure.
  */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_pick_cert(mbedtls_ssl_context *ssl,
                          const mbedtls_ssl_ciphersuite_t *ciphersuite_info)
@@ -744,6 +745,8 @@
 
     return -1;
 }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /*
@@ -806,6 +809,8 @@
     }
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     /*
      * Final check: if ciphersuite requires us to have a
@@ -821,7 +826,6 @@
     }
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     /* If the ciphersuite requires signing, check whether
      * a suitable hash algorithm is present. */
     sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info);
commit	58535da8d09ea178d44f6992a8b0771c076784a4	[log] [tgz]
author	Gabor Mezei <gabor.mezei@arm.com>	Mon Mar 03 15:43:50 2025 +0100
committer	Gabor Mezei <gabor.mezei@arm.com>	Thu Mar 20 17:53:07 2025 +0100
tree	4c33904c98493c9d03b02df1d40ef296e00bb07c
parent	3ead04a12dd70107c2e3e57e238c648045f52934 [diff] [blame]