
Commit bc611fe

committed
[tls12|tls13]_server: fix usage being checked on the certificate key
Signed-off-by: Valerio Setti <[email protected]>
1 parent 7b2d72a commit bc611fe


2 files changed

+3
-2
lines changed


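--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -694,7 +694,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
 mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) &&
-mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage));
+mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg,
+PSA_KEY_USAGE_VERIFY_HASH));
 #else
 key_type_matches = (
 mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage));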
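Review bot: The certificate-side `mbedtls_pk_can_do_psa(&cur->cert->pk, ...)` call in the `MBEDTLS_SSL_ASYNC_PRIVATE` branch now hard-codes `PSA_KEY_USAGE_VERIFY_HASH` while the private-key check next to it still passes the variable `pk_usage`, and nothing at the call site explains the asymmetry. A comment above the call would keep a later cleanup from making the two arguments identical again, e.g. `/* cert->pk is a public key: check the verify counterpart of the signing usage required from cur->key */`. The constant is only correct if `pk_usage` is always a signing usage here; its assignment is outside the hunk (ssl_pick_cert starts and ends outside it), so if other usages can reach this line the public-key usage should be derived from `pk_usage` rather than fixed.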

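--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1161,7 +1161,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
 *sig_alg, &key_cert->cert->pk)
 && psa_alg != PSA_ALG_NONE &&
 mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg,
-PSA_KEY_USAGE_SIGN_HASH) == 1
+PSA_KEY_USAGE_VERIFY_HASH) == 1
 ) {
 ssl->handshake->key_cert = key_cert;
 MBEDTLS_SSL_DEBUG_MSG(3,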
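Review bot: With the usage switched to `PSA_KEY_USAGE_VERIFY_HASH`, every conjunct visible in this condition inspects `key_cert->cert->pk`, so nothing shown here confirms that the private key is allowed to sign with `psa_alg`. If the part of the condition above the hunk does not already do that, a key whose policy forbids signing would be accepted here and the handshake would fail only later, at signing time, rather than another configured key/cert pair being tried. Consider adding `&& mbedtls_pk_can_do_psa(key_cert->key, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1` next to the certificate check, mirroring the `cur->key` check in ssl_pick_cert. ssl_tls13_pick_key_cert starts and ends outside the hunk.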
