Commit 207990dc authored by Simon Butcher

Added description of change to the Changelog

Also clarified some comments following review.
parent e2e25e74
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.2.1 released 2015-12-xx
Changes
* To avoid dropping an entire DTLS datagram if a single record in a datagram
is invalid, we now only drop the record and look at subsequent records (if
any are presemt) in the same datagram to avoid interoperability issues.
Previously the library was dropping the entire datagram. Where a record is
unexpected, the function mbedtls_ssl_read_record() will now return
MBEDTLS_ERR_SSL_UNEXPECTED_RECORD.
= mbed TLS 2.2.0 released 2015-11-04
Security
......
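Review bot: the last sentence of the new 2.2.1 entry says mbedtls_ssl_read_record() "will now return MBEDTLS_ERR_SSL_UNEXPECTED_RECORD", while the comment on ssl_parse_record_header() in this same commit says it is that function which returns UNEXPECTED_RECORD and that mbedtls_ssl_read_record() then drops only the current record. Please state which of the two an application actually sees, since callers need to know whether this is a new return code they must handle. Two smaller points in the same entry: "presemt" should be "present", and "to avoid" appears twice in the first sentence, so the trailing "to avoid interoperability issues" could move to the front or become its own sentence.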
......@@ -3467,16 +3467,16 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
* uint16 length;
*
* Return 0 if header looks sane (and, for DTLS, the record is expected)
* MBEDTLS_ERR_SSL_INVALID_RECORD is the header looks bad,
* MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
* MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
*
* With DTLS, mbedtls_ssl_read_record() will:
* 1. proceed with the record if we return 0
* 2. drop only the current record if we return UNEXPECTED_RECORD
* 3. return CLIENT_RECONNECT if we return that
* 4. drop the whole datagram if we return anything else.
* Point 2 is needed when the peer is resending, and we already received the
* first record from a datagram but are still waiting for the others.
* 1. proceed with the record if this function returns 0
* 2. drop only the current record if this function returns UNEXPECTED_RECORD
* 3. return CLIENT_RECONNECT if this function return that value
* 4. drop the whole datagram if this function returns anything else.
* Point 2 is needed when the peer is resending, and we have already received
* the first record from a datagram but are still waiting for the others.
*/
static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{
......
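Review bot: point 3 of the rewritten list, "return CLIENT_RECONNECT if this function return that value", needs "returns", and "that value" lost its antecedent when the wording changed from "we return"; suggest "return CLIENT_RECONNECT if this function returns CLIENT_RECONNECT" to match the phrasing of points 1, 2 and 4. The Return summary just above the list names only 0, INVALID_RECORD and UNEXPECTED_RECORD, so the reconnect code that point 3 depends on could be listed there as well. Since point 4 makes "anything else" drop the whole datagram, it is worth keeping that summary complete so a future return code is not silently treated as a full-datagram drop.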