tls_change_cipher() can complain about null cipher and digest
authorMichael Brown <mcb30@etherboot.org>
Mon, 30 Jul 2007 02:30:27 +0000 (03:30 +0100)
committerMichael Brown <mcb30@etherboot.org>
Mon, 30 Jul 2007 02:30:27 +0000 (03:30 +0100)
algorithms; we only need the pubkey check disabled (and only because
pubkey algorithms are not yet integrated into the crypto_algorithm
subsystem).

src/net/tls.c

index dcdb660..64e44b5 100644 (file)
@@ -498,16 +498,14 @@ static int tls_change_cipher ( struct tls_session *tls,
                               struct tls_cipherspec *pending,
                               struct tls_cipherspec *active ) {
 
-       /* FIXME: Why is this disabled? */
-#if 0
        /* Sanity check */
-       if ( ( pending->pubkey == &crypto_null ) ||
+       if ( /* FIXME (when pubkey is not hard-coded to RSA):
+             * ( pending->pubkey == &crypto_null ) || */
             ( pending->cipher == &crypto_null ) ||
             ( pending->digest == &crypto_null ) ) {
                DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
                return -ENOTSUP;
        }
-#endif
 
        tls_clear_cipher ( tls, active );
        memswap ( active, pending, sizeof ( *active ) );
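Review bot: The pubkey half of the sanity check is still switched off by a comment placed inside the `if` condition, so nothing in the code rejects a pending cipherspec whose pubkey is `&crypto_null`. That is safe only while pubkey is hard-coded to RSA elsewhere, as the FIXME says; that code is outside this hunk, so please confirm it. I would move the note above the condition so the expression stays readable and the gap is easy to grep for: `/* FIXME: also reject pending->pubkey == &crypto_null once pubkey is no longer hard-coded to RSA */`. The debug message says "null cipher" even when the digest is the null one; `DBGC ( tls, "TLS %p refusing to use null cipher or digest\n", tls );` would make a refused ChangeCipherSpec easier to diagnose. The body of tls_change_cipher() continues past the end of the hunk.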