tls13: early_data: cli: improve comment

This commit improves comment of why we assign the identifier of the ciphersuite in handshake to `ssl->session_negotiate`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2025-03-16 04:20:49 +00:00 · 2023-12-01 17:46:06 +08:00 · 2023-12-01 17:46:06 +08:00 · 9ae6534c20
commit 9ae6534c20
parent 03a00768c0
1 changed files with 8 additions and 7 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -2207,13 +2207,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 #endif

    /*
-     * Move `session_negotiate->ciphersuite` assignment here which after
-     * early data cipher suite check.
-     *
-     * We compute transform_handshake by the cipher suite chosen from
-     * the server in `handshake`. `session_negotiate->ciphersuite` is the
-     * cipher suite negotiated in previous connection and it is not used for
-     * computing transform_handshake.
+     * In case the client has proposed a PSK associated with a ticket,
+     * `ssl->session_negotiate->ciphersuite` still contains at this point the
+     * identifier of the ciphersuite associated with the ticket. This is that
+     * way because, if an exchange of early data is agreed upon, we need
+     * it to check that the ciphersuite selected for the handshake is the
+     * ticket ciphersuite (see above). This information is not needed
+     * anymore thus we can now set it to the identifier of the ciphersuite
+     * used in this session under negotiation.
     */
    ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;