Add note about not implementing PSK id_hint
This commit is contained in:
parent
90ab4a45b5
commit
9d6241269a
3 changed files with 12 additions and 3 deletions
|
@ -1614,6 +1614,11 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
|
|||
* \note This is mainly useful for clients. Servers will usually
|
||||
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
|
||||
*
|
||||
* \note Currently clients can only register one pre-shared key.
|
||||
* In other words, the servers' idendity hint is ignored.
|
||||
* Please contact us if you need ability to set multiple PSKs
|
||||
* on clients and select one based on the identity hint.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param psk pointer to the pre-shared key
|
||||
* \param psk_len pre-shared key length
|
||||
|
|
|
@ -1981,8 +1981,11 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
// TODO: Retrieve PSK identity hint and callback to app
|
||||
//
|
||||
/*
|
||||
* Note: we currently ignore the PKS identity hint, as we only allow one
|
||||
* PSK to be provisionned on the client. This could be changed later if
|
||||
* someone needs that feature.
|
||||
*/
|
||||
*p += len;
|
||||
ret = 0;
|
||||
|
||||
|
|
|
@ -2718,7 +2718,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
|
||||
{
|
||||
/* TODO: Support identity hints */
|
||||
/* Note: we don't support identity hints, until someone asks
|
||||
* for them. */
|
||||
*(p++) = 0x00;
|
||||
*(p++) = 0x00;
|
||||
|
||||
|
|
Loading…
Reference in a new issue