tls_change_cipher() can complain about null cipher and digest
algorithms; we only need the pubkey check disabled (and only because pubkey algorithms are not yet integrated into the crypto_algorithm subsystem).
This commit is contained in:
parent
60e3aa4d75
commit
847ac4f336
@ -498,16 +498,14 @@ static int tls_change_cipher ( struct tls_session *tls,
|
|||||||
struct tls_cipherspec *pending,
|
struct tls_cipherspec *pending,
|
||||||
struct tls_cipherspec *active ) {
|
struct tls_cipherspec *active ) {
|
||||||
|
|
||||||
/* FIXME: Why is this disabled? */
|
|
||||||
#if 0
|
|
||||||
/* Sanity check */
|
/* Sanity check */
|
||||||
if ( ( pending->pubkey == &crypto_null ) ||
|
if ( /* FIXME (when pubkey is not hard-coded to RSA):
|
||||||
|
* ( pending->pubkey == &crypto_null ) || */
|
||||||
( pending->cipher == &crypto_null ) ||
|
( pending->cipher == &crypto_null ) ||
|
||||||
( pending->digest == &crypto_null ) ) {
|
( pending->digest == &crypto_null ) ) {
|
||||||
DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
|
DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
|
||||||
return -ENOTSUP;
|
return -ENOTSUP;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
tls_clear_cipher ( tls, active );
|
tls_clear_cipher ( tls, active );
|
||||||
memswap ( active, pending, sizeof ( *active ) );
|
memswap ( active, pending, sizeof ( *active ) );
|
||||||
|
Reference in New Issue
Block a user