| Hanno Becker | 67e49a6 | 2021-05-14 20:02:42 +0100 | [diff] [blame] | 1 | Relaxed semantics for PSK configuration |
| 2 | ----------------------------------------------------------------- |
| 3 | |
| 4 | This affects users which call the PSK configuration APIs |
| 5 | `mbedtlsl_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()` |
| 6 | multiple times on the same SSL configuration. |
| 7 | |
| 8 | In Mbed TLS 2.x, users would observe later calls overwriting |
| 9 | the effect of earlier calls, with the prevailing PSK being |
| Hanno Becker | 196739b | 2021-05-28 05:25:46 +0100 | [diff] [blame] | 10 | the one that has been configured last. In Mbed TLS 3.0, |
| Hanno Becker | 2bec09c | 2021-05-28 09:54:31 +0100 | [diff] [blame] | 11 | calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times |
| Hanno Becker | 196739b | 2021-05-28 05:25:46 +0100 | [diff] [blame] | 12 | will return an error, leaving the first PSK intact. |
| Hanno Becker | 67e49a6 | 2021-05-14 20:02:42 +0100 | [diff] [blame] | 13 | |
| 14 | To achieve equivalent functionality when migrating to Mbed TLS 3.0, |
| 15 | users calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times should |
| 16 | remove all but the last call, so that only one call to _either_ |
| 17 | `mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` |
| 18 | remains. |