Check that the peer_authenticated flag
Check that the peer has been authenticated at the end
of the handshake.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3053818..7d00797 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4450,6 +4450,7 @@
if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
return( 0 );
}
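Review bot: The added `peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET` sits inside the same `!mbedtls_ssl_ciphersuite_cert_req_allowed(...)` branch that skips CertificateVerify, so a single mis-taken branch both bypasses the check and records the peer as authenticated; the identical line in the next hunk (-4478) has the same property. If the flag is meant as fault-injection hardening, as the constant name suggests, the condition should be evaluated again immediately before the assignment so that one skipped comparison cannot produce both effects. The hunk also gives no reason why a skipped verification counts as authenticated; I would add a comment such as `/* This ciphersuite never requests a client certificate, so there is nothing to verify here. */`. The enclosing function starts and ends outside the hunk.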
@@ -4478,6 +4479,7 @@
if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
return( 0 );
}
@@ -4506,6 +4508,7 @@
if( peer_pk == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+ ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
return( 0 );
}
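Review bot: In the `peer_pk == NULL` branch the flag is set although the client presented no public key, so the end-of-handshake check will pass for a client that proved nothing. That is only sound if an earlier step, not visible in this hunk, has already rejected a missing certificate whenever client authentication is required; otherwise the assignment should be made only when the effective auth mode permits an absent certificate. At minimum the invariant should be stated next to the line, e.g. `/* A missing peer key is only reachable when client authentication is optional or disabled. */`. The function body continues outside the hunk.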
@@ -4851,7 +4854,7 @@
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
- mbedtls_ssl_handshake_wrapup( ssl );
+ ret = mbedtls_ssl_handshake_wrapup( ssl );
break;
case MBEDTLS_SSL_INVALID: