* development:
Bump yotta patch version
Merging iotssl-457-badtail with development branch
Move top-level Readme to markdown
Changelog entry for the previous commit
Add NULL checks to top-level SSL functions
Skip to trusted certs early in the chain
Add tests for verify callback
Improve mbedtls_ssl_write() documentation
Add mbedtls_ssl_get_max_frag_len()
Print "thread ID" in debug messages
Only use -Wshadow with GCC 4.8 or higher
Fix error reporting in pkey/pk_* programs
Fix more comments/outputs in verify programs
Fix hash buffer size in pkey programs
Change default RSA key size in rsa_genkey
Fix comments about filenames in some programs
Fix memory corruption in rsa sign/verify programs
Fix warning with MD/SHA ALT implementation
Fix handling of long PSK identities
Fix -Wshadow warnings
* development:
Document the three libraries in Readme
Document how to build shared libs with CMake
Disable some tests with valgrind
Clarify that there are two SSL I/O buffers
Fix RSA mutex fix
Fix last edit
Small edit
Small edit
Small edit
Small edit
Very small edit
Fix possible mutex lock/unlock mismatch
Sync yotta and general readme again
Ship license files with the yotta module
Edited
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (e.g. an old root being no longer
trusted while the newer intermediate is directly trusted).
closes #220
Once the mutex is acquired, we must goto cleanup rather than return.
Since cleanup adjusts the return value, adjust that in test cases.
Also, at cleanup we don't want to overwrite 'ret', or we'll lose track of
errors.
see #257
* development:
Finish test in pkwrite
Fix debug mode in example-tls-client
Update output of example-tls-client in its readme
Relax timing_self_test for windows idiosyncrasies
Removing yt ls step in READMEs of examples
Fix pkwrite tests that were failing on mingw32
Fix usage of minar in example-tls-client
- allow up to 12.5% security/error margin
- use larger delays
- this avoids the security/error margin being too low
The test used to fail about 1 out of 6 times on some buildbot VMs, but never
failed on the physical machines used for development.
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a known flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.
closes #227
This is particularly problematic when calling FD_SET( -1, ... ), but let's
check it in all functions.
This was introduced with the new API and the fact that net_free() now sets the
internal fd to -1 in order to mark it as closed: now using this information.