Merge remote-tracking branch 'upstream-public/pr/1064' into mbedtls-2.7-restricted-proposed
diff --git a/ChangeLog b/ChangeLog
index 024d564..f132721 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,7 @@
overflow. #1179
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
by Guido Vranken. #639
+ * Log correct number of ciphersuites used in Client Hello message. #918
* Fix X509 CRT parsing that would potentially accept an invalid tag when
parsing the subject alternative names.
* Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index eeb2fe2..786d049 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -902,6 +902,8 @@
*p++ = (unsigned char)( ciphersuites[i] );
}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
@@ -909,6 +911,7 @@
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
n++;
@@ -928,8 +931,6 @@
*q++ = (unsigned char)( n >> 7 );
*q++ = (unsigned char)( n << 1 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
#if defined(MBEDTLS_ZLIB_SUPPORT)
offer_compress = 1;
#else