mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-16 04:20:49 +00:00
tls13: early_data: cli: improve comment
This commit improves comment of why we assign the identifier of the ciphersuite in handshake to `ssl->session_negotiate`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
parent
03a00768c0
commit
9ae6534c20
@ -2207,13 +2207,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Move `session_negotiate->ciphersuite` assignment here which after
|
||||
* early data cipher suite check.
|
||||
*
|
||||
* We compute transform_handshake by the cipher suite chosen from
|
||||
* the server in `handshake`. `session_negotiate->ciphersuite` is the
|
||||
* cipher suite negotiated in previous connection and it is not used for
|
||||
* computing transform_handshake.
|
||||
* In case the client has proposed a PSK associated with a ticket,
|
||||
* `ssl->session_negotiate->ciphersuite` still contains at this point the
|
||||
* identifier of the ciphersuite associated with the ticket. This is that
|
||||
* way because, if an exchange of early data is agreed upon, we need
|
||||
* it to check that the ciphersuite selected for the handshake is the
|
||||
* ticket ciphersuite (see above). This information is not needed
|
||||
* anymore thus we can now set it to the identifier of the ciphersuite
|
||||
* used in this session under negotiation.
|
||||
*/
|
||||
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user