feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

fix(esp-tls): Retry reads if using session tickets with TLS 1.3

Browse Source 
Fixed the error that occurred while performing OTA upgrades over
TLS 1.3 connection. After handshake is completed, post-handshake message
is received and internal state is changed. While performing mbedtls_ssl_read(),
it checks handshake state and if it is not MBEDTLS_SSL_HANDSHAKE_OVER,
mbedtls_ssl_handshake is called again.
This commit is contained in:
Harshit Malpani
2023-07-17 13:24:40 +05:30
parent 1d530cc23c
commit 1c3c89eb43
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
components/esp-tls/esp_tls_mbedtls.c
View File

@ -230,7 +230,10 @@ ssize_t esp_mbedtls_read(esp_tls_t *tls, char *data, size_t datalen)
ssize_t ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen); ssize_t ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen);
#if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS #if CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS
while (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET) { // If a post-handshake message is received, connection state is changed to `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET`
// Call mbedtls_ssl_read() till state is `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET` or return code is `MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET`
// to process session tickets in TLS 1.3 connection
while (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET || tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET) {
ESP_LOGD(TAG, "got session ticket in TLS 1.3 connection, retry read"); ESP_LOGD(TAG, "got session ticket in TLS 1.3 connection, retry read");
ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen); ret = mbedtls_ssl_read(&tls->ssl, (unsigned char *)data, datalen);
} }