mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-24 10:20:59 +00:00
Added description of change to the Changelog
Also clarified some comments following review.
parent
e2e25e7427
commit
207990dcf5
10
ChangeLog
10
ChangeLog
|
@ -1,5 +1,15 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= mbed TLS 2.2.1 released 2015-12-xx
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* To avoid dropping an entire DTLS datagram if a single record in a datagram
|
||||||
|
is invalid, we now only drop the record and look at subsequent records (if
|
||||||
|
any are presemt) in the same datagram to avoid interoperability issues.
|
||||||
|
Previously the library was dropping the entire datagram. Where a record is
|
||||||
|
unexpected, the function mbedtls_ssl_read_record() will now return
|
||||||
|
MBEDTLS_ERR_SSL_UNEXPECTED_RECORD.
|
||||||
|
|
||||||
= mbed TLS 2.2.0 released 2015-11-04
|
= mbed TLS 2.2.0 released 2015-11-04
|
||||||
|
|
||||||
Security
|
Security
|
||||||
|
|
|
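Review bot: The last sentence of the new ChangeLog entry says mbedtls_ssl_read_record() "will now return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD", but the comment this same commit touches on ssl_parse_record_header() describes mbedtls_ssl_read_record() as dropping only the current record when the header parser returns UNEXPECTED_RECORD. Please reconcile the two, so that applications reading the ChangeLog know whether they have to handle this error code themselves or whether the record is skipped internally. In the same entry, "presemt" should be "present", the first sentence uses "to avoid" twice and would read better split in two, and the "2015-12-xx" placeholder in the release heading needs a real date before the release is tagged.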
@ -3467,16 +3467,16 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||||
* uint16 length;
|
* uint16 length;
|
||||||
*
|
*
|
||||||
* Return 0 if header looks sane (and, for DTLS, the record is expected)
|
* Return 0 if header looks sane (and, for DTLS, the record is expected)
|
||||||
* MBEDTLS_ERR_SSL_INVALID_RECORD is the header looks bad,
|
* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
|
||||||
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
|
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
|
||||||
*
|
*
|
||||||
* With DTLS, mbedtls_ssl_read_record() will:
|
* With DTLS, mbedtls_ssl_read_record() will:
|
||||||
* 1. proceed with the record if we return 0
|
* 1. proceed with the record if this function returns 0
|
||||||
* 2. drop only the current record if we return UNEXPECTED_RECORD
|
* 2. drop only the current record if this function returns UNEXPECTED_RECORD
|
||||||
* 3. return CLIENT_RECONNECT if we return that
|
* 3. return CLIENT_RECONNECT if this function return that value
|
||||||
* 4. drop the whole datagram if we return anything else.
|
* 4. drop the whole datagram if this function returns anything else.
|
||||||
* Point 2 is needed when the peer is resending, and we already received the
|
* Point 2 is needed when the peer is resending, and we have already received
|
||||||
* first record from a datagram but are still waiting for the others.
|
* the first record from a datagram but are still waiting for the others.
|
||||||
*/
|
*/
|
||||||
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
|
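Review bot: Point 3 of the reworded list, "return CLIENT_RECONNECT if this function return that value", has a grammar slip ("returns") and leaves "that value" vague; naming the constant in full (MBEDTLS_ERR_SSL_CLIENT_RECONNECT) would remove the ambiguity. The "Return" list directly above documents only 0, MBEDTLS_ERR_SSL_INVALID_RECORD and MBEDTLS_ERR_SSL_UNEXPECTED_RECORD, so the reconnect return value that point 3 depends on should be added there as well. Points 2 and 3 also abbreviate the constants (UNEXPECTED_RECORD, CLIENT_RECONNECT) while the list above spells them with the MBEDTLS_ERR_SSL_ prefix; using the full names throughout keeps the comment searchable. Since point 4 makes "drop the whole datagram" the default for any other return value, it is worth stating that this default is intentional, so a future error code added to this function is not silently treated as a full-datagram drop.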