commit 7ef9fd8989f5ced6185a9922a77e4cdc4627302d
author Jerry Yu <jerry.h.yu@arm.com> Tue Nov 07 14:30:38 2023 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Nov 07 14:31:37 2023 +0800
tree 65982ff51393d25485023b8739960291e1df69b5
parent 2bea94ce2e61620d101b96527f91f82ec2e4b27e

fix various issues

- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6155946..ee6e89c 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -160,7 +160,8 @@
     mbedtls_free(ticket_buffer);
 
     if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
-        MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid."));
+        MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
+        /* TODO: Define new return value for this case. */
         ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
     }
 
@@ -1781,7 +1782,7 @@
            via a NewSessionTicket message thus in the case of a session
            resumption. */
         MBEDTLS_SSL_DEBUG_MSG(
-            1, ("EarlyData: rejected, not resumption session."));
+            1, ("EarlyData: rejected, not a session resumption."));
         return;
     }
 
@@ -1796,26 +1797,27 @@
      * - The selected ALPN [RFC7301] protocol, if any
      *
      * NOTE:
-     *  - ALPN hasn't been checked.
-     *  - TLS version is checked in
-     *    ssl_tls13_offered_psks_check_identity_match_ticket()
+     *  - The TLS version number is checked in
+     *    ssl_tls13_offered_psks_check_identity_match_ticket().
+     *  - ALPN is not checked for the time being (TODO).
      */
 
     if (handshake->selected_identity != 0) {
         MBEDTLS_SSL_DEBUG_MSG(
-            1, ("EarlyData: rejected, first psk key is not offered."));
+            1, ("EarlyData: rejected, the selected key in "
+                "`pre_shared_key` is not the first one."));
         return;
     }
 
     if (handshake->ciphersuite_info->id !=
         ssl->session_negotiate->ciphersuite) {
         MBEDTLS_SSL_DEBUG_MSG(
-            1, ("EarlyData: rejected, selected ciphersuite mismatch."));
+            1, ("EarlyData: rejected, the selected ciphersuite is not the one "
+                "of the selected pre-shared key."));
         return;
 
     }
 
-    /* TODO: Add more checks here. */
 
     ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
 

tests/opt-testcases/tls13-misc.sh

diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index ffa914e..2c25354 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -513,7 +513,6 @@
          -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
 
 requires_gnutls_next
-
 requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
                              MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \