mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs

Hanno Becker
2019-05-03 12:54:52 +01:00
parent 5a29990367
commit c5f2422116
2 changed files with 11 additions and 5 deletions


@ -165,11 +165,10 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* What shall we report if we have exchanged if both client
* and server have used the CID extension, but negotiated
* empty CIDs? This is indistinguishable from not using the
* CID extension in the first place, and we're reporting
* MBEDTLS_SSL_CID_DISABLED in this case. */
/* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
* were used, but client and server requested the empty CID.
* This is indistinguishable from not using the CID extension
* in the first place. */
if( ssl->transform_in->in_cid_len == 0 &&
ssl->transform_in->out_cid_len == 0 )
{