Add note about not implementing PSK id_hint

This commit is contained in:
Manuel Pégourié-Gonnard 2016-02-22 11:10:14 +01:00 committed by Simon Butcher
parent 90ab4a45b5
commit 9d6241269a
3 changed files with 12 additions and 3 deletions

View File

@ -1614,6 +1614,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
*
* \note Currently clients can only register one pre-shared key.
* In other words, the servers' idendity hint is ignored.
* Please contact us if you need ability to set multiple PSKs
* on clients and select one based on the identity hint.
*
* \param conf SSL configuration
* \param psk pointer to the pre-shared key
* \param psk_len pre-shared key length

View File

@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
// TODO: Retrieve PSK identity hint and callback to app
//
/*
* Note: we currently ignore the PKS identity hint, as we only allow one
* PSK to be provisionned on the client. This could be changed later if
* someone needs that feature.
*/
*p += len;
ret = 0;

View File

@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
/* TODO: Support identity hints */
/* Note: we don't support identity hints, until someone asks
* for them. */
*(p++) = 0x00;
*(p++) = 0x00;