Add debug messages

Add debug messages to easier identify which condition fails
with usage restrictions in mbedtls_ssl_context_save()
This commit is contained in:
Jarno Lamsa 2019-08-21 13:45:05 +03:00
parent bccf03591f
commit 8c51b7cd94

View file

@ -11415,32 +11415,62 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
*/
/* The initial handshake must be over */
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( ssl->handshake != NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Double-check that sub-structures are indeed ready */
if( ssl->transform == NULL || ssl->session == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* There must be no pending incoming or outgoing data */
if( mbedtls_ssl_check_pending( ssl ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( ssl->out_left != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Protocol must be DLTS, not TLS */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Version must be 1.2 */
if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* We must be using an AEAD ciphersuite */
if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Renegotiation must not be enabled */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#endif
/*