mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 06:25:41 +01:00
Added description of change to the Changelog
Also clarified some comments following review.
This commit is contained in:
parent
e2e25e7427
commit
207990dcf5
10
ChangeLog
10
ChangeLog
@ -1,5 +1,15 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.2.1 released 2015-12-xx
|
||||
|
||||
Changes
|
||||
* To avoid dropping an entire DTLS datagram if a single record in a datagram
|
||||
is invalid, we now only drop the record and look at subsequent records (if
|
||||
any are presemt) in the same datagram to avoid interoperability issues.
|
||||
Previously the library was dropping the entire datagram. Where a record is
|
||||
unexpected, the function mbedtls_ssl_read_record() will now return
|
||||
MBEDTLS_ERR_SSL_UNEXPECTED_RECORD.
|
||||
|
||||
= mbed TLS 2.2.0 released 2015-11-04
|
||||
|
||||
Security
|
||||
|
@ -3467,16 +3467,16 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
|
||||
* uint16 length;
|
||||
*
|
||||
* Return 0 if header looks sane (and, for DTLS, the record is expected)
|
||||
* MBEDTLS_ERR_SSL_INVALID_RECORD is the header looks bad,
|
||||
* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
|
||||
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
|
||||
*
|
||||
* With DTLS, mbedtls_ssl_read_record() will:
|
||||
* 1. proceed with the record if we return 0
|
||||
* 2. drop only the current record if we return UNEXPECTED_RECORD
|
||||
* 3. return CLIENT_RECONNECT if we return that
|
||||
* 4. drop the whole datagram if we return anything else.
|
||||
* Point 2 is needed when the peer is resending, and we already received the
|
||||
* first record from a datagram but are still waiting for the others.
|
||||
* 1. proceed with the record if this function returns 0
|
||||
* 2. drop only the current record if this function returns UNEXPECTED_RECORD
|
||||
* 3. return CLIENT_RECONNECT if this function return that value
|
||||
* 4. drop the whole datagram if this function returns anything else.
|
||||
* Point 2 is needed when the peer is resending, and we have already received
|
||||
* the first record from a datagram but are still waiting for the others.
|
||||
*/
|
||||
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user