Introduce CRT counter to CRT chain parsing function
So far, we've used the `peer_cert` pointer to detect whether
we're parsing the first CRT, but that will soon be removed
if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is unset.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1ccb278..d2cb893 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5757,7 +5757,7 @@
*/
static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl )
{
- int ret;
+ int ret, crt_cnt=0;
size_t i, n;
uint8_t alert;
@@ -5884,7 +5884,7 @@
}
/* Check if we're handling the first CRT in the chain. */
- if( ssl->session_negotiate->peer_cert == NULL )
+ if( crt_cnt++ == 0 )
{
/* During client-side renegotiation, check that the server's
* end-CRTs hasn't changed compared to the initial handshake,
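Review bot: The first-certificate test `if( crt_cnt++ == 0 )` folds the counter update into the condition, so the renegotiation check on the server's end-CRT inside this branch depends on that expression being evaluated exactly once per certificate. If a later edit adds a short-circuiting operand in front of it, or a `continue` earlier in the iteration, the increment is skipped and a later certificate in the chain would be treated as the first one. I would test `if( crt_cnt == 0 )` and do `crt_cnt++;` as its own statement, and document the variable at its declaration in the first hunk, e.g. `/* Number of CRTs handled so far; 0 while processing the end-entity CRT. */`. That declaration is also written `crt_cnt=0` without spaces around `=`. The function body continues outside both hunks, so the right place for the explicit increment has to be checked against the full loop.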