Correction according to code review (function and param. names change

and docs rewording) Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2025-07-23 15:01:00 +03:00 · 2021-06-14 12:11:18 +02:00
parent 8b223b6509
commit 3946f79cab
5 changed files with 29 additions and 31 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -200,8 +200,8 @@
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1

-#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED    1
-#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED   0
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT  1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER  0

 /*
 * Default range for DTLS retransmission timer value, in milliseconds.
@ -2498,9 +2498,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 *                      The ciphersuites array is not copied, and must remain
 *                      valid for the lifetime of the ssl_config.
 *
- *                      Note: The server uses its own preferences
- *                      over the preference of the client unless
- *                      conf->respect_cli_pref is enabled!
+ *                      Note: By default, the server chooses its preferred
+ *                      ciphersuite among those that the client supports. If
+ *                      mbedtls_ssl_conf_preference_order() is called to prefer
+ *                      the client's preferences, the server instead chooses
+ *                      the client's preferred ciphersuite among those that
+ *                      the server supports.
 *
 * \param conf          SSL configuration
 * \param ciphersuites  0-terminated list of allowed ciphersuites
@ -3300,15 +3303,15 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c

 #if defined(MBEDTLS_SSL_SRV_C)
 /**
- * \brief          Pick the ciphersuite according to the client's preferences
- *                 rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *                 (Default: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ * \brief          Pick the ciphersuites order according to the second parameter
+ *                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
 *
 * \param conf     SSL configuration
- * \param enable   Enable or disable (MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED
- *                                 or MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED)
+ * \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+ *                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
 */
-void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable );
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
 #endif /* MBEDTLS_SSL_SRV_C */

 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)