commit b894ac7f9919aa742371fd35da000d708e5584ab
author Ronald Cron <ronald.cron@arm.com> Mon Mar 07 11:56:06 2022 +0100
committer Ronald Cron <ronald.cron@arm.com> Tue Mar 29 14:42:17 2022 +0200
tree 8490a03229cc6b2ae0ad1c8dd1e2e4f9398acbf2
parent 90915f2a21c78d297570205f36af1b537f126360

ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls12_server.c

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index e9fa633..deab271 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1011,23 +1011,6 @@
         }
 #endif
 
-        /*
-         * Try to select a SHA-1 certificate for pre-1.2 clients, but still
-         * present them a SHA-higher cert rather than failing if it's the only
-         * one we got that satisfies the other conditions.
-         */
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
-            cur->cert->sig_md != MBEDTLS_MD_SHA1 )
-        {
-            if( fallback == NULL )
-                fallback = cur;
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
-                                    "sha-2 with pre-TLS 1.2 client" ) );
-            continue;
-            }
-        }
-
         /* If we get there, we got a winner */
         break;
     }