commit 20c7db3a678b840be578cd3e1a7044d20a23158d
author Johan Pascal <johan.pascal@belledonne-communications.com> Mon Oct 26 22:45:58 2020 +0100
committer Johan Pascal <johan.pascal@belledonne-communications.com> Thu Oct 29 01:14:50 2020 +0100
tree 28d8811377de154ffcb0be446ee48aa44f837ded
parent adbd9449ecad5ff011a3eb57cd2548900d421603

API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ddbe5ca..56a71c6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1925,6 +1925,14 @@
                                         MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
+
+    /* If server does not use mki in its reply, make sure the client won't keep
+     * one as negotiated */
+    if( len == 5 )
+    {
+        ssl->dtls_srtp_info.mki_len = 0;
+    }
+
     /*
      * RFC5764:
      *  If the client detects a nonzero-length MKI in the server's response

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a9e5523..cee8ba1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4751,10 +4751,10 @@
     return( 0 );
 }
 
-mbedtls_ssl_srtp_profile
-     mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl )
+const mbedtls_dtls_srtp_info *
+     mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl )
 {
-    return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
+    return( &( ssl->dtls_srtp_info ) );
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */