mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard
verified publisher icon Mbed-TLS

Change the name of DTLS cookie macro?

Open irwir opened this issue 3 months ago • 6 comments

https://github.com/Mbed-TLS/mbedtls/blob/9c1f18a99acdc1816a962e32e0a07469cebd6583/include/mbedtls/mbedtls_config.h#L421-L427 Names related to DTLS in configuration file mostly have MBEDTLS_SSL_DTLS_ prefix. Maybe this one should be MBEDTLS_SSL_DTLS_COOKIE_C for consistency?

Edit. Also cookie-related calls in example programs could be skipped if DTLS was not used.

irwir avatar Sep 24 '25 17:09 irwir

Thanks for your report!

This is an API break, and we're two days away from code freeze for the next major version, so I'm not sure if your report comes right in time or perhaps a bit too late already? Let's see if someone has time to make a PR for it and get it merged in time.

mpg avatar Sep 26 '25 10:09 mpg

I don't think it would make sense to only rename the option: MBEDTLS_SSL_COOKIE_C determines whether the functions mbedtls_ssl_cookie_xxx() are available.

I agree that in principle it would be nicer for the functions to be called mbedtls_ssl_dtls_cookie_xxx(), and with a matching compile-time option name. But then if we modernized the names, we should also modernize ssl to tls. Too much effort!

gilles-peskine-arm avatar Sep 26 '25 10:09 gilles-peskine-arm

I'm increasing the size estimate because I don't think we should only rename the compilation option.

gilles-peskine-arm avatar Sep 26 '25 10:09 gilles-peskine-arm

I'm increasing the size estimate because I don't think we should only rename the compilation option.

Ah okay, the compile rename is fairly trivial, but if it would make sense to rename everything then this will probably miss the release unfortunately.

There's also the question of whether this will cause problems for people transitioning their config files or maintaining patches etc. Sadly this untidiness might have to stay with us for the time being.

davidhorstmann-arm avatar Sep 26 '25 11:09 davidhorstmann-arm

we're two days away from code freeze for the next major version

Seems like socket module changes going nowhere once again.

irwir avatar Sep 26 '25 17:09 irwir

I'm afraid so. There was so much that we had to include in this major version (related to the transition to PSA crypto and the repo split, and to remove major blocks to future improvements) that we had to make hard choices and remove from the scope a lot of things that we would really, really have liked to do in this major version, but that will unfortunately have to wait for the next one now. But it's already been more that one year since our last feature release, so at some point we need to get 1.0/4.0 out and start working on new features again.

mpg avatar Sep 29 '25 10:09 mpg