From 66bea84d9d009eace8144628954a962601673f69 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Thu, 5 May 2022 17:09:14 +0700
Subject: Rework TLS 1.3 verifiers

---
 crypto/src/tls/TlsServerProtocol.cs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'crypto/src/tls/TlsServerProtocol.cs')

diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 0ab8a7a98..523fc0030 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -1281,13 +1281,11 @@ namespace Org.BouncyCastle.Tls
             if (null == clientCertificate || clientCertificate.IsEmpty)
                 throw new TlsFatalAlert(AlertDescription.internal_error);
 
-            // TODO[tls13] Actual structure is 'CertificateVerify' in RFC 8446, consider adding for clarity
-            DigitallySigned certificateVerify = DigitallySigned.Parse(m_tlsServerContext, buf);
+            CertificateVerify certificateVerify = CertificateVerify.Parse(m_tlsServerContext, buf);
 
             AssertEmpty(buf);
 
-            TlsUtilities.Verify13CertificateVerifyClient(m_tlsServerContext, m_certificateRequest, certificateVerify,
-                m_handshakeHash);
+            TlsUtilities.Verify13CertificateVerifyClient(m_tlsServerContext, m_handshakeHash, certificateVerify);
         }
 
         /// <exception cref="IOException"/>
-- 
cgit 1.4.1