* development:
Bump yotta patch version
Merging iotssl-457-badtail with development branch
Moe top-level Readme to markdown
Changelog entry fro the previous commit
Add NULL checks to top-level SSL functions
Skip to trusted certs early in the chain
Add tests for verify callback
Improve mbedtls_ssl_write() documentation
Add mbedtls_ssl_get_max_frag_len()
Print "thread ID" in debug messages
Only use -Wshadow with GCC 4.8 or higher
Fix error reporting in pkey/pk_* programs
Fix more comments/outputs in verify programs
Fix hash buffer size in pkey programs
Change default RSA key size in rsa_genkey
Fix comments about filenames in some programs
Fix memory corruption in rsa sign/verify programs
Fix warning with MD/SHA ALT implementation
Fix handling of long PSK identities
Fix -Wshadow warnings
* development:
Document the three libraries in Readme
Document how to build shared libs with CMake
Disable some tests with valgrind
Clarify that there are two SSL I/O buffers
Fix RSA mutex fix
Fix last edit
Small edit
Small edit
Small edit
Small edit
Very small edit
Fix possible mutex lock/unlock mismatch
Sync yotta and general readme again
Ship license files with the yotta module
Edited
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
closes#220
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
Tends to cause spurious failures on buildbots due to peer timing out.
Anyway, those tests are mainly for interop, any memory error is most likely
catched by some earlier self-op test. (Also, we'll run these tests with ASan
anyway.)
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.
Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.
see #257
