21 lines
1.1 KiB
Markdown
21 lines
1.1 KiB
Markdown
|
Removal of some SSL error codes
|
||
|
|
-----------------------------------------------------------------
|
||
|
|
|
||
|
|
This affects users manually checking for the following error codes:
|
||
|
|
- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED`
|
||
|
|
- `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH`
|
||
|
|
- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE`
|
||
|
|
|
||
|
|
Migration paths:
|
||
|
|
- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH`
|
||
|
|
should never be returned from Mbed TLS, and there is no need to check for it.
|
||
|
|
Users should simply remove manual checks for those codes, and let the Mbed TLS
|
||
|
|
team know if -- contrary to the team's understanding -- there is in fact a situation
|
||
|
|
where one of them was ever returned.
|
||
|
|
- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and
|
||
|
|
`MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate
|
||
|
|
is too large to fit into the output buffers. Users should check for
|
||
|
|
`MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially compare the size of their
|
||
|
|
own certificate against the configured size of the output buffer to understand if
|
||
|
|
the error is due to an overly large certificate.
|