Don't use |X509_get_pubkey| in TLS 1.3 code either.
Change-Id: I7050c74ac38503f450760a857442e6fc0863d5df
Reviewed-on: https://boringssl-review.googlesource.com/12708
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index f106c16..4a202d7 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -404,7 +404,7 @@
static enum ssl_hs_wait_t do_process_server_certificate(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
- !tls13_process_certificate(ssl, 0 /* certificate required */) ||
+ !tls13_process_certificate(hs, 0 /* certificate required */) ||
!ssl_hash_current_message(ssl)) {
return ssl_hs_error;
}
@@ -417,7 +417,7 @@
SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!tls13_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) ||
- !tls13_process_certificate_verify(ssl) ||
+ !tls13_process_certificate_verify(hs) ||
!ssl_hash_current_message(ssl)) {
return ssl_hs_error;
}
