Move some client/server special-cases out of tls13_process_certificate. Where we can move uncommon logic to the caller, we probably ought to. Change-Id: I54a09fffffc20290be05295137ccb605d562cad0 Reviewed-on: https://boringssl-review.googlesource.com/9069 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 3ce4389e96f76735d4bdfba6181428582d188a06 [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Aug 01 19:41:34 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Aug 02 19:20:24 2016 +0000
tree: feda3dfc30c91e3303371418e79e038a49772d7c
parent: 78f84f4e039d091c17d0fe9721c9a687eb252ca0 [diff] [blame]
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index cf0aea2..15e3332 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c

@@ -464,6 +464,12 @@
     return ssl_hs_error;
   }
 
+  /* For historical reasons, the server's copy of the chain does not include the
+   * leaf while the client's does. */
+  if (sk_X509_num(ssl->s3->new_session->cert_chain) > 0) {
+    X509_free(sk_X509_shift(ssl->s3->new_session->cert_chain));
+  }
+
   hs->state = state_process_client_certificate_verify;
   return ssl_hs_read_message;
 }
commit	3ce4389e96f76735d4bdfba6181428582d188a06	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Aug 01 19:41:34 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Aug 02 19:20:24 2016 +0000
tree	feda3dfc30c91e3303371418e79e038a49772d7c
parent	78f84f4e039d091c17d0fe9721c9a687eb252ca0 [diff] [blame]