Move more side-specific code out of tls13_process_certificate. tls13_process_certificate can take a boolean for whether anonymous is allowed. This does change the error on the client slightly, but I think this is correct anyway. It is not a syntax error for the server to send no certificates in so far as the Certificate message allows it. It's just illegal. Change-Id: I1af80dacf23f50aad0b1fbd884bc068a40714399 Reviewed-on: https://boringssl-review.googlesource.com/9072 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 4087df92f489e3f8bb09439d85aa8edad92ad7fa [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Aug 01 20:16:31 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Aug 04 16:58:46 2016 +0000
tree: f1aad0dff11da83d4d68eabb5a877e1c086c9ce1
parent: bb9e36e0051e15b633616067d71e95010e841dfa [diff] [blame]
diff --git a/ssl/internal.h b/ssl/internal.h
index c69bc5f..f64dc62 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -919,7 +919,7 @@
  * it returns one. Otherwise, it sends an alert and returns zero. */
 int tls13_check_message_type(SSL *ssl, int type);
 
-int tls13_process_certificate(SSL *ssl);
+int tls13_process_certificate(SSL *ssl, int allow_anonymous);
 int tls13_process_certificate_verify(SSL *ssl);
 int tls13_process_finished(SSL *ssl);
commit	4087df92f489e3f8bb09439d85aa8edad92ad7fa	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Aug 01 20:16:31 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Aug 04 16:58:46 2016 +0000
tree	f1aad0dff11da83d4d68eabb5a877e1c086c9ce1
parent	bb9e36e0051e15b633616067d71e95010e841dfa [diff] [blame]