From eeabfa460c1d995b2a16011c6cf1a933f15e91bb Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 25 Jul 2019 10:28:30 +0100
Subject: [PATCH] Note that mbedtls_ssl_pend_fatal_alert() must only be called once
---
 include/mbedtls/ssl_internal.h | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 676c11261..7e49e0ba0 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1730,6 +1730,15 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
 #define MBEDTLS_ALWAYS_INLINE
 #endif
+/* This internal function can be used to pend a fatal alert for
+ * later delivery.
+ *
+ * The check for pending alerts must be done manually. Currently,
+ * it happens only during the handshake loop.
+ *
+ * This function must not be called multiple times without manually
+ * inspecting and clearing ssl->pending_fatal_alert_msg in between.
+ */
 MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl, unsigned char message )