Add note about not implementing PSK id_hint

Manuel Pégourié-Gonnard 2016-02-22 11:10:14 +01:00 committed by Simon Butcher
parent d47c4335b8
commit e6a4846435
3 changed files with 12 additions and 3 deletions


@ -1613,6 +1613,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
* \note This is mainly useful for clients. Servers will usually * \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead. * want to use \c mbedtls_ssl_conf_psk_cb() instead.
* *
* \note Currently clients can only register one pre-shared key.
* In other words, the servers' idendity hint is ignored.
* Please contact us if you need ability to set multiple PSKs
* on clients and select one based on the identity hint.
*
* \param conf SSL configuration * \param conf SSL configuration
* \param psk pointer to the pre-shared key * \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length * \param psk_len pre-shared key length
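Review bot: The added note in this public API comment misspells `identity` as `idendity`, and `servers'` should be the singular `server's`; the sentence would read `In other words, the server's identity hint is ignored.` The same kind of slip is in the comment added to ssl_parse_server_psk_hint, where `PKS` should be `PSK` and `provisionned` should be `provisioned`. If it matches the behaviour, the note could also say outright that the one configured identity and key are used whatever hint the server sends, since that is what an integrator deciding whether a single PSK is acceptable needs to know.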


@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
// TODO: Retrieve PSK identity hint and callback to app /*
// * Note: we currently ignore the PKS identity hint, as we only allow one
* PSK to be provisionned on the client. This could be changed later if
* someone needs that feature.
*/
*p += len; *p += len;
ret = 0; ret = 0;
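Review bot: The new comment says the hint is ignored but does not explain why `*p += len;` still runs right after it, so the skip can look like leftover code. One more comment line would make this clear, for example `* The hint bytes are still skipped so parsing resumes at the next field.` The check that bounds `len` sits above this hunk and only its `return` is visible here, so the comment could also state that `len` has already been validated at this point, if that is the case.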


@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{ {
/* TODO: Support identity hints */ /* Note: we don't support identity hints, until someone asks
* for them. */
*(p++) = 0x00; *(p++) = 0x00;
*(p++) = 0x00; *(p++) = 0x00;
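Review bot: The reworded comment says identity hints are unsupported but leaves the two `*(p++) = 0x00;` writes below it unexplained. Presumably they encode the two-byte length of an empty hint. Saying so directly would help, for example `/* Identity hints are not supported: send an empty hint (16-bit length of 0). */`. The enclosing block of ssl_write_server_key_exchange continues past the end of the hunk.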