commit e8eff9a5170c17b9db038f370f62d95354f8b2c5
author Hanno Becker <hanno.becker@arm.com> Tue May 14 11:30:10 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon May 20 15:32:36 2019 +0100
tree 29a3c8ee84056688ba1abcdfceac2de2ca001b93
parent 7c3cdb62de1583ee53c4c3da8ad60bc2fa460f1e

Allow to configure the stack's behaviour on unexpected CIDs

This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.

programs/ssl/ssl_client2.c

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 61b048f..4827578 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1550,9 +1550,11 @@
 
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 87c6645..dc321cd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2399,9 +2399,11 @@
         }
 
         if( opt.cid_enabled == 1 )
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
         else
-            ret = mbedtls_ssl_conf_cid_len( &conf, cid_renego_len );
+            ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+                                        MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
 
         if( ret != 0 )
         {