| Hanno Becker | 8e184e2 | 2021-05-14 17:10:27 +0100 | [diff] [blame] | 1 | Removal of some SSL error codes |
| 2 | ----------------------------------------------------------------- |
| 3 | |
| 4 | This affects users manually checking for the following error codes: |
| 5 | - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` |
| 6 | - `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` |
| 7 | - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` |
| 8 | |
| 9 | Migration paths: |
| 10 | - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` |
| 11 | should never be returned from Mbed TLS, and there is no need to check for it. |
| 12 | Users should simply remove manual checks for those codes, and let the Mbed TLS |
| 13 | team know if -- contrary to the team's understanding -- there is in fact a situation |
| 14 | where one of them was ever returned. |
| 15 | - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and |
| 16 | `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate |
| 17 | is too large to fit into the output buffers. Users should check for |
| 18 | `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially compare the size of their |
| 19 | own certificate against the configured size of the output buffer to understand if |
| 20 | the error is due to an overly large certificate. |