Minor documentation improvements in ssl_parse_record_header()
This commit is contained in:
parent
955a5c98df
commit
37cfe73c92
1 changed files with 8 additions and 2 deletions
|
@ -4994,12 +4994,17 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram too small to contain record." ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||
}
|
||||
|
||||
/* Records from the next epoch are considered for buffering
|
||||
* (concretely: early Finished messages). */
|
||||
if( rec_epoch == (unsigned) ssl->in_epoch + 1 )
|
||||
{
|
||||
/* Consider buffering the record. */
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) );
|
||||
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
|
||||
}
|
||||
/* Records from other, non-matching epochs are silently discarded.
|
||||
* (The case of same-port Client reconnects must be considered in
|
||||
* the caller). */
|
||||
else if( rec_epoch != ssl->in_epoch )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||
|
@ -5008,7 +5013,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||
return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
/* Replay detection only works for the current epoch */
|
||||
/* For records from the correct epoch, check whether their
|
||||
* sequence number has been seen before. */
|
||||
else if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
|
||||
|
|
Loading…
Reference in a new issue