TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 17ef8dfddb998a7eab9de8cdfd0ff5c3b6e069fa^! / . / library
commit17ef8dfddb998a7eab9de8cdfd0ff5c3b6e069fa[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Wed Nov 22 10:29:42 2023 +0100
committerRonald Cron <ronald.cron@arm.com>Mon Jan 15 08:58:19 2024 +0100
tree392111e0f4e6612caffbe3a90c1c9d0f63bca548
parentba5165e09a4f38db594384a446566257cad1fcde [diff]
ssl_session: Define unconditionally the endpoint field

The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0c5af87..5469850 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -1268,6 +1268,7 @@
     ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
                                                                                ssl->conf->transport);
     ssl->session_negotiate->tls_version = ssl->tls_version;
+    ssl->session_negotiate->endpoint = ssl->conf->endpoint;
 
     if (ssl->tls_version < ssl->conf->min_tls_version ||
         ssl->tls_version > ssl->conf->max_tls_version) {

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5a9f6ca..e433627 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -1161,6 +1161,7 @@
     ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf,
                                                                                ssl->conf->transport);
     ssl->session_negotiate->tls_version = ssl->tls_version;
+    ssl->session_negotiate->endpoint = ssl->conf->endpoint;
 
     if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2"));

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 5c668bd..1bfac58 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c

@@ -1476,10 +1476,8 @@
         return SSL_SERVER_HELLO_TLS1_2;
     }
 
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    ssl->session_negotiate->endpoint = ssl->conf->endpoint;
     ssl->session_negotiate->tls_version = ssl->tls_version;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+    ssl->session_negotiate->endpoint = ssl->conf->endpoint;
 
     handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE;
 

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6e2866a..fa1f478 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -1437,12 +1437,8 @@
      * We negotiate TLS 1.3.
      */
     ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    /* Store minor version for later use with ticket serialization. */
     ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
     ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-#endif
 
     /*
      * We are negotiating the version 1.3 of the protocol. Do what we have