Merge checks in ssl_parse_certificate_verify()
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 94a7ae6..b31cc23 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3274,20 +3274,15 @@
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ||
+ ssl->session_negotiate->peer_cert == NULL )
{
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
return( 0 );
}
- if( ssl->session_negotiate->peer_cert == NULL )
- {
- SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
- ssl->state++;
- return( 0 );
- }
-
+ /* Needs to be done before read_record() to exclude current message */
ssl->handshake->calc_verify( ssl, hash );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
@@ -3298,13 +3293,8 @@
ssl->state++;
- if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
- {
- SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
- }
-
- if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ||
+ ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );