commit 62b49cd06a75ae19bb6e2e253d65a1aee5d62ed7
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Feb 09 10:57:00 2022 +0100
committer GitHub <noreply@github.com> Wed Feb 09 10:57:00 2022 +0100
tree 9f1aee2b5e0729abf8f5b1caaab68c5cd7434421
parent 9193f7d8367e388376eab7534d32966294eb911e
parent 5c7d1cce975ac8fdd86e5822d7a6c3a08ec7f912

Merge pull request #5472 from yuhaoth/pr/move-client-auth

Move client_auth to handshake

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 350ee2c..7e5fb19 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1613,11 +1613,6 @@
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     /*
-     * PKI layer
-     */
-    int MBEDTLS_PRIVATE(client_auth);                    /*!<  flag for client auth.   */
-
-    /*
      * User settings
      */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e411b70..825034a 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3137,12 +3137,13 @@
     }
 
     ssl->state++;
-    ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
+    ssl->handshake->client_auth =
+                    ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->client_auth ? "a" : "no" ) );
+                        ssl->handshake->client_auth ? "a" : "no" ) );
 
-    if( ssl->client_auth == 0 )
+    if( ssl->handshake->client_auth == 0 )
     {
         /* Current message is probably the ServerHelloDone */
         ssl->keep_current_message = 1;
@@ -3794,7 +3795,8 @@
         return( 0 );
     }
 
-    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
+    if( ssl->handshake->client_auth == 0 ||
+        mbedtls_ssl_own_cert( ssl ) == NULL )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
         ssl->state++;

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index aaed88b..8cb9576 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -775,6 +775,12 @@
                                 * but can be overwritten by the HRR. */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 
+#if defined(MBEDTLS_SSL_CLI_C)
+    uint8_t client_auth;       /*!< used to check if CertificateRequest has been
+                                    received from server side. If CertificateRequest
+                                    has been received, Certificate and CertificateVerify
+                                    should be sent to server */
+#endif /* MBEDTLS_SSL_CLI_C */
     /*
      * State-local variables used during the processing
      * of a specific handshake state.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ec8dbfb..988fafb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1706,7 +1706,7 @@
 #if defined(MBEDTLS_SSL_CLI_C)
     if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
     {
-        if( ssl->client_auth == 0 )
+        if( ssl->handshake->client_auth == 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
             ssl->state++;