8a7f972202
This commit temporarily comments the copying of the negotiated CIDs into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys() until the CID feature has been fully implemented. While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do support CID-based record protection by now and can be unit tested, the following two changes in the rest of the stack are still missing before CID-based record protection can be integrated: - Parsing of CIDs in incoming records. - Allowing the new CID record content type for incoming records. - Dealing with a change of record content type during record decryption. Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by the CID fields in the currently transforms, this change also requires temporarily disabling some grepping for ssl_client2 / ssl_server2 debug output in ssl-opt.sh. |
||
---|---|---|
.. | ||
.jenkins | ||
data_files | ||
git-scripts | ||
scripts | ||
suites | ||
.gitignore | ||
CMakeLists.txt | ||
compat.sh | ||
Descriptions.txt | ||
Makefile | ||
ssl-opt.sh |