Hanno Becker
This issue is to track the review and potential rework of the client- and server-side Finished writing state in preparation for upstreaming. Things to look for: * Security * Functional...
This issue is to track the review and potential rework of the client- and server-side Certificate writing state in preparation for upstreaming. Things to look for: * Security * Functional...
The current session serialization code includes the endpoint certificate if and only if TLS 1.2 or earlier are _compile time_ enabled. We should instead include it if and only if...
If I understand correctly, the TLS 1.3 prototype does currently not support RSA signatures, which isn't because there's any particular issue with it or its relation to TLS 1.3, but...
The server currently skips parsing the EarlyDataIndication extension because 'there's nothing to parse'. However, we should still validate that the extension is empty as it must be, according to the...
If `MBEDTLS_ZERO_RTT` is enabled, the client only sends a single ciphersuite at the moment, which has two potential issues: 1. As far as I understand, this isn't prescribed by the...
Recently, it has been decided that internal headers in Mbed TLS shouldn't reside in `include` as `xxx_internal.h` (most notably, `ssl_internal.h`), but instead as `*.h` in `library/`. For example, `library/ssl_tls13_keys.h` is...
The prototype should build and pass tests if either of `MBEDTLS_SSL_CLI_C` or `MBEDTLS_SSL_SRV_C` is disabled.
The standard says: >There MUST NOT be more than one extension of the same type in a given extension block. This doesn't seem to be enforced in the current code-base.
The code parsing an HRR message is quite monolithic. Improve readability and maintainability by introducing helper functions for the parsing of various extensions.