Add mbedtls_ssl_is_handshake_over() #5653
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paul-elliott-arm
added
enhancement
needs-review
paul-elliott-arm
force-pushed
the
handshake_over
branch
from
2566728 to
ebfbcd7
Compare
Add function to query if SSL handshake is over or not, in order to determine when to stop calling mbedtls_ssl_handshake_step among other things. Document function, and add warnings that the previous method of ascertaining if handshake was over is now deprecated, and may break in future releases. Signed-off-by: Paul Elliott <[email protected]>
paul-elliott-arm
force-pushed
the
handshake_over
branch
from
ebfbcd7 to
1a42822
Compare
mprse
reviewed
Mar 23, 2022
Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <[email protected]>
paul-elliott-arm
force-pushed
the
handshake_over
branch
from
1a42822 to
27b0d94
Compare
mpg
removed
needs-review
mpg
added
the
needs-review
|
OpenCI seems stuck on resources, but the internal CI fully passed, which is enough. |
mpg
added
approved
| * | ||
| * \param ssl SSL context | ||
| * | ||
| * \return \c 1 if handshake is over, \c 0 if it is still ongoing. |
There was a problem hiding this comment.
Is this only the initial handshake, or also renegotiations? Can this function return 0 during a renegotiation?
|
I have noticed that unlike mbedtls_ssl_conf_sni, mbedtls_ssl_conf_cert_cb doesn't allow passing an opaque pointer to the callback. This is very inconvenient when the ssl context is contained in a struct that is needed in the callback. Is it still possible to align the cert callback to accept an opaque pointer, like the sni callback? Edit: I filed a new issue #5910 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add an accessor function so that the user can tell at what point the SSL handshake is over, and thus at what point they should stop calling mbedtls_ssl_handshake_step().
Change over all internal and test checks to use this function.
Status
READY
Requires Backporting
NO
Migrations
NO
Todos
Steps to test or reproduce
test_suite_ssl and ssl_opt.sh should both run clean.