lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge branch 'development-restricted' into merge-from-restricted

Browse Source 
* development-restricted:
  Add missing credit for set_hostname issue
  Add changelog entry for TLS 1.2 Finished fix
  TLS1.2: Check for failures in Finished calculation
  ssl_session_reset: preserve HOSTNAME_SET flag
  Document the need to call mbedtls_ssl_set_hostname
  Improve documentation of mbedtls_ssl_set_hostname
  Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
  Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
  mbedtls_ssl_set_hostname tests: add tests with CA callback
  Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
  Require calling mbedtls_ssl_set_hostname() for security
  Create error code for mbedtls_ssl_set_hostname not called
  Keep track of whether mbedtls_ssl_set_hostname() has been called
  Access ssl->hostname through abstractions in certificate verification
  mbedtls_ssl_set_hostname tests: baseline
  Add a flags field to mbedtls_ssl_context
  Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
  Make guards more consistent between X.509-has-certs and SSL-has-certs
  Fix Doxygen markup
  Make ticket_alpn field private

 Conflicts:
	programs/ssl/ssl_test_common_source.c
This commit is contained in:
Manuel Pégourié-Gonnard
2025-04-01 09:40:47 +02:00
parent 694cbfa6de 82bac6e076
commit ed4a2b4f0a
9 changed files with 425 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
library/ssl_misc.h
View File

@ -51,6 +51,22 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
#endif
/** Flag values for mbedtls_ssl_context::flags. */
typedef enum {
/** Set if mbedtls_ssl_set_hostname() has been called. */
MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
} mbedtls_ssl_context_flags_t;
/** Flags from ::mbedtls_ssl_context_flags_t to keep in
* mbedtls_ssl_session_reset().
*
* The flags that are in this list are kept until explicitly updated or
* until mbedtls_ssl_free(). The flags that are not listed here are
* reset to 0 in mbedtls_ssl_session_reset().
*/
#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \
(MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET)
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */