2b7ad6472b
It might not be obvious that this option goes beyond adding new functions, but also automagically modifies the behaviour of TLS in some circumstances. Moreover, the exact modifications and circumstances were not documented anywhere outside the ChangeLog. Fix that. While at it, adjust the test that checks no restartable behaviour with other key exchanges, to use a key exchange that allows cert-based client authentication so that we can check that this is not restartable either. We don't have any automated test checking that the server is never affected. That would require adding an ec_max_ops command-line option to ssl_server2 that never has any effect, just to check that it indeed doesn't. I'm not sure that's worth it. I tested manually and could confirm that the server never has restartable behaviour, even for the parts that are shared between client and server such as cert chain verification. Note (from re-reading the code): all restartable behaviour is controlled by the flag ssl->handshake->ecrs_enabled which is only client-side with the ECDHE-ECDSA key exchange (TLS 1.2). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> |
||
|---|---|---|
| .. | ||
| mbedtls | ||
| psa | ||
| .gitignore | ||
| CMakeLists.txt | ||