cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/pr/927' into development

Browse Source
This commit is contained in:
Simon Butcher 2018-07-24 13:06:54 +01:00
commit ccb43df37e
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -51,6 +51,9 @@ Bugfix
* Change the default behaviour of mbedtls_hkdf_extract() to return an error * Change the default behaviour of mbedtls_hkdf_extract() to return an error
when calling with a NULL salt and non-zero salt_len. Contributed by when calling with a NULL salt and non-zero salt_len. Contributed by
Brian J Murray Brian J Murray
* Correct the documentation for `mbedtls_ssl_get_session()`.
This API has deep copy of the session, and the peer
certificate is not lost. Fixes #926.
Changes Changes
* Change the shebang line in Perl scripts to look up perl in the PATH. * Change the shebang line in Perl scripts to look up perl in the PATH.

17
include/mbedtls/ssl.h
View File

@ -2746,7 +2746,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
* \brief Save session in order to resume it later (client-side only) * \brief Save session in order to resume it later (client-side only)
* Session data is copied to presented session structure. * Session data is copied to presented session structure.
* *
* \warning Currently, peer certificate is lost in the operation.
* *
* \param ssl SSL context * \param ssl SSL context
* \param session session context * \param session session context
@ -2754,7 +2753,18 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss
* \return 0 if successful, * \return 0 if successful,
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
* arguments are otherwise invalid * arguments are otherwise invalid.
*
* \note Only the server certificate is copied, and not the full chain,
* so you should not attempt to validate the certificate again
* by calling \c mbedtls_x509_crt_verify() on it.
* Instead, you should use the results from the verification
* in the original handshake by calling \c mbedtls_ssl_get_verify_result()
* after loading the session again into a new SSL context
* using \c mbedtls_ssl_set_session().
*
* \note Once the session object is not needed anymore, you should
* free it by calling \c mbedtls_ssl_session_free().
* *
* \sa mbedtls_ssl_set_session() * \sa mbedtls_ssl_set_session()
*/ */
@ -3032,6 +3042,9 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
* \brief Free referenced items in an SSL session including the * \brief Free referenced items in an SSL session including the
* peer certificate and clear memory * peer certificate and clear memory
* *
* \note A session object can be freed even if the SSL context
* that was used to retrieve the session is still in use.
*
* \param session SSL session * \param session SSL session
*/ */
void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); void mbedtls_ssl_session_free( mbedtls_ssl_session *session );