mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-28 00:39:56 +00:00
8a7f972202
This commit temporarily comments the copying of the negotiated CIDs into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys() until the CID feature has been fully implemented. While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do support CID-based record protection by now and can be unit tested, the following two changes in the rest of the stack are still missing before CID-based record protection can be integrated: - Parsing of CIDs in incoming records. - Allowing the new CID record content type for incoming records. - Dealing with a change of record content type during record decryption. Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by the CID fields in the currently transforms, this change also requires temporarily disabling some grepping for ssl_client2 / ssl_server2 debug output in ssl-opt.sh.