mirror of
				https://github.com/Mbed-TLS/mbedtls.git
				synced 2025-10-24 13:32:59 +03:00 
			
		
		
		
	
		
			
				
	
	
		
			21 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			21 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| Removal of some SSL error codes
 | |
| -----------------------------------------------------------------
 | |
| 
 | |
| This affects users manually checking for the following error codes:
 | |
| - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED`
 | |
| - `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH`
 | |
| - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE`
 | |
| 
 | |
| Migration paths:
 | |
| - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH`
 | |
|   should never be returned from Mbed TLS, and there is no need to check for it.
 | |
|   Users should simply remove manual checks for those codes, and let the Mbed TLS
 | |
|   team know if -- contrary to the team's understanding -- there is in fact a situation
 | |
|   where one of them was ever returned.
 | |
| - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and
 | |
|   `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate
 | |
|   is too large to fit into the output buffers. Users should check for
 | |
|   `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially compare the size of their
 | |
|   own certificate against the configured size of the output buffer to understand if
 | |
|   the error is due to an overly large certificate.
 |