From 95832d88728414558e195522251ab1910c79bd4a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 22 Jul 2021 09:44:53 +0100 Subject: [PATCH 1/3] Explicitly mark mbedtls_ssl_session.exported as private This was an oversight during concurrent merging in the run-up to Mbed TLS 3.0. Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3a14a5830..e69bdb64f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -925,7 +925,7 @@ struct mbedtls_ssl_session unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ - unsigned char exported; + unsigned char MBEDTLS_PRIVATE(exported); #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) From 03799427445d796d8ada01bb4258b80fa787ac3a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 22 Jul 2021 11:33:12 +0100 Subject: [PATCH 2/3] Explicitly mark mbedtls_ssl_config.respect_cli_pref as private This was always intended to be explicitly marked private. Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e69bdb64f..610aa1491 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1214,7 +1214,7 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_SRV_C) unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in Certificate Request messages? */ - unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to + unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to the client's preferences rather than ours */ #endif From 5d26efdea3658b0372dd33427ee5af688d2bcd93 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 22 Jul 2021 10:22:07 +0100 Subject: [PATCH 3/3] Add ChangeLog entry 
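Review bot: In the first hunk, `exported` is still the only member shown in `struct mbedtls_ssl_session` without a Doxygen comment, even though it sits directly after the master secret and is now hidden from callers. A one-line comment would help, for example `unsigned char MBEDTLS_PRIVATE(exported); /*!< <what this flag records and which function sets it> */`. The second hunk applies the same wrapping to `respect_cli_pref` in `struct mbedtls_ssl_config`. As far as I know, MBEDTLS_PRIVATE only renames the member rather than enforcing access, so application code that read or wrote either field directly will stop compiling; the release notes should name the supported accessor for each field, if one exists. Both structs begin and end outside the hunks, so this is based only on the members visible here.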
Signed-off-by: Hanno Becker
---
ChangeLog.d/session_export_private.txt | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 ChangeLog.d/session_export_private.txt
diff --git a/ChangeLog.d/session_export_private.txt b/ChangeLog.d/session_export_private.txt
new file mode 100644
index 000000000..547582418
--- /dev/null
+++ b/ChangeLog.d/session_export_private.txt
@@ -0,0 +1,5 @@
+Changes
+ * Explicitly mark the fields mbedtls_ssl_session.exported and
+ mbedtls_ssl_config.respect_cli_pref as private. This was an
+ oversight during the run-up to the release of Mbed TLS 3.0.
+ The fields were never intended to be public.