mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 21:33:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update documentation

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-09-08 15:36:09 +02:00
parent 14c2574a9d
commit 3a2a4485d4
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
include/mbedtls/ssl.h
View File

@ -1170,6 +1170,11 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
* the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
* on the first handshake attempt when this is enabled. * on the first handshake attempt when this is enabled.
* *
* \note This is also necessary to handle client reconnection from
* the same port as described in RFC 6347 section 4.2.8 (only
* the variant with cookies is supported currently). See
* comments on \c mbedtls_ssl_read() for details.
*
* \param conf SSL configuration * \param conf SSL configuration
* \param f_cookie_write Cookie write callback * \param f_cookie_write Cookie write callback
* \param f_cookie_check Cookie check callback * \param f_cookie_check Cookie check callback
@ -2139,7 +2144,23 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
* *
* \return the number of bytes read, or * \return the number of bytes read, or
* 0 for EOF, or * 0 for EOF, or
* a negative error code. * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
* another negative error code.
*
* \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* (which can only happen server-side), it means that a client
* is initiating a new connection using the same source port.
* You can either treat that as a connection close and wait
* for the client to resend a ClientHello, or directly
* continue with \c mbedtls_ssl_handshake() with the same
* context (as it has beeen reset internally). Either way, you
* should make sure this is seen by the application as a new
* connection: application state, if any, should be reset, and
* most importantly the identity of the client must be checked
* again. WARNING: not validating the identity of the client
* again, or not transmitting the new identity to the
* application layer, would allow authentication bypass!
*/ */
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );