patrick/zephyr
1
0
Fork 0
Code Issues Pull requests Actions 8 Packages Projects Releases Wiki Activity

net: tls: Add SSL/TLS secure renegotiation support

Browse source 
Allow enabling SSL/TLS secure renegotiation support when initiated by
peer.

Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
This commit is contained in:
Markus Fuchs 2019-11-26 21:10:19 +01:00 committed by Jukka Rissanen
parent 67289d07fe
commit 2f982b3bc2
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
subsys/net/lib/sockets/sockets_tls.c
View file

@ -842,6 +842,13 @@ static int tls_mbedtls_init(struct net_context *context, bool is_server)
return -ENOMEM;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_legacy_renegotiation(&context->tls->config,
MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
mbedtls_ssl_conf_renegotiation(&context->tls->config,
MBEDTLS_SSL_RENEGOTIATION_ENABLED);
#endif
#if defined(CONFIG_NET_SOCKETS_ENABLE_DTLS)
if (type == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* DTLS requires timer callbacks to operate */