* development:
Bump yotta patch version
Merging iotssl-457-badtail with development branch
Moe top-level Readme to markdown
Changelog entry fro the previous commit
Add NULL checks to top-level SSL functions
Skip to trusted certs early in the chain
Add tests for verify callback
Improve mbedtls_ssl_write() documentation
Add mbedtls_ssl_get_max_frag_len()
Print "thread ID" in debug messages
Only use -Wshadow with GCC 4.8 or higher
Fix error reporting in pkey/pk_* programs
Fix more comments/outputs in verify programs
Fix hash buffer size in pkey programs
Change default RSA key size in rsa_genkey
Fix comments about filenames in some programs
Fix memory corruption in rsa sign/verify programs
Fix warning with MD/SHA ALT implementation
Fix handling of long PSK identities
Fix -Wshadow warnings
* development:
Document the three libraries in Readme
Document how to build shared libs with CMake
Disable some tests with valgrind
Clarify that there are two SSL I/O buffers
Fix RSA mutex fix
Fix last edit
Small edit
Small edit
Small edit
Small edit
Very small edit
Fix possible mutex lock/unlock mismatch
Sync yotta and general readme again
Ship license files with the yotta module
Edited
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
We're getting build errors with Clang 3.5.0 on our Debian Jessie buildslave:
library/padlock.c:99:10: error: inline assembly requires more registers than available
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.
This was introduced with the new API and the fact the net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)
Also made me notice net_recv_timeout didn't do its job properly.
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
