TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 9df7c80c786c3d70550b96ad57efd33d864bf8e0 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Tue Mar 08 18:38:54 2022 +0100
committer: Ronald Cron <ronald.cron@arm.com> Wed Mar 09 07:50:08 2022 +0100
tree: 1379e33748e3559545ddec8c0268bfed55d67547
parent: d815114f933e267c3607f6768ee1bf30ae0b837f [diff] [blame]
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f006438..4fee3b0 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1529,14 +1529,8 @@
                 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
                 break;
             case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
                 mbedtls_ssl_handshake_set_state( ssl,
-                                            MBEDTLS_SSL_CLIENT_CERTIFICATE );
-#else
-                mbedtls_ssl_handshake_set_state( ssl,
-                                                 MBEDTLS_SSL_CLIENT_FINISHED );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
+                                                 MBEDTLS_SSL_CLIENT_CERTIFICATE );
                 break;
             default:
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
commit	9df7c80c786c3d70550b96ad57efd33d864bf8e0	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Tue Mar 08 18:38:54 2022 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Wed Mar 09 07:50:08 2022 +0100
tree	1379e33748e3559545ddec8c0268bfed55d67547
parent	d815114f933e267c3607f6768ee1bf30ae0b837f [diff] [blame]