commit 8367ccc03bfdc86320324dfdc87ccb518d536282
author Hanno Becker <hanno.becker@arm.com> Tue May 14 11:30:10 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree e0b46a2c6fc7c43f12ef64418e2a74761752cbe1
parent c37c96a3c513c75bb7f599668088c5c164e88483

Allow to configure the stack's behaviour on unexpected CIDs

This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.

programs/ssl/ssl_client2.c

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5a5cc14..60f922f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1842,9 +1842,11 @@
 
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index cc74c83..1721dae 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2727,9 +2727,11 @@
         }
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {