1.6 KiB
Changes in the SSL error code space
Removals
This affects users manually checking for the following error codes:
MBEDTLS_ERR_SSL_CERTIFICATE_REQUIREDMBEDTLS_ERR_SSL_INVALID_VERIFY_HASHMBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGEMBEDTLS_ERR_SSL_BAD_HS_XXX
Migration paths:
-
MBEDTLS_ERR_SSL_CERTIFICATE_REQUIREDandMBEDTLS_ERR_SSL_INVALID_VERIFY_HASHshould never be returned from Mbed TLS, and there is no need to check for it.Users should simply remove manual checks for those codes, and let the Mbed TLS team know if -- contrary to the team's understanding -- there is in fact a situation where one of them was ever returned.
-
MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGEhas been removed, andMBEDTLS_ERR_SSL_BUFFER_TOO_SMALLis returned instead if the user's own certificate is too large to fit into the output buffers.Users should check for
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALLinstead, and potentially compare the size of their own certificate against the configured size of the output buffer to understand if the error is due to an overly large certificate. -
All
MBEDTLS_ERR_SSL_BAD_HS_XXXerror code have been removed.Users should check for the newly introduced generic error codes
MBEDTLS_ERR_SSL_DECODE_ERRORMBEDTLS_ERR_SSL_ILLEGAL_PARAMETER,MBEDTLS_ERR_SSL_HANDSHAKE_FAILUREMBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSIONMBEDTLS_ERR_SSL_BAD_CERTIFICATEMBEDTLS_ERR_SSL_UNRECOGNIZED_NAMEinstead.
Users should check for the generic error codes instead.