PolarSSL is now part of ARM (official announcement) and has been rebranded as mbed TLS.

API for finding out if handshake is over


Jan 30, 2018 10:46
Devchandra

Hi

I was looking for an API which tells if the handshake is over. I could not find one, but saw that mbedtls internally does

ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER

Will the team accept a new API like the following? The API name can be changed, if required.


int mbedtls_ssl_is_handshake_done( const mbedtls_ssl_context *ssl )
{
    /* Non-zero once the handshake state machine has reached its final state. */
    return( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER );
}

A similar API can be provided to find the endpoint role (client or server).

 
Feb 5, 2018 15:06
Ron Eldor

Hi Devchandra,
Thank you for your suggestion. However, I don't see the rationale for these two new functions.
Since the application calls mbedtls_ssl_handshake(), once the function returns successfully, it knows the handshake is over.
In addition, the application itself initiates the ssl configuration as client or server, so the application knows whether it is a client or server.
Please give a justification for these two new functions.
Regards,
Mbed TLS Team member
Ron

 
Feb 5, 2018 17:29
Devchandra

Dear Ron,

In the case of event-based TLS programming, whenever there is new data from the network, we should know if the handshake is over so that we can decide whether to call mbedtls_ssl_handshake_step or mbedtls_ssl_read.

In the current approach, the user is required to either dig into the codebase or find some sample/example of how to check the handshake status. Making it an API will provide useful documentation and also enhance encapsulation.

For knowing the client/server role from mbedtls_ssl_context, one looks at the call of mbedtls_ssl_config_defaults or at ssl.conf->endpoint. Having a dedicated API will help. I favor explicit APIs.

We can live with the current approaches for getting the role, but as for the handshake API, users like me will definitely appreciate it.
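
An added example, not part of the thread and not mbed TLS code: one way an event-driven application can track handshake completion itself, from the return value of mbedtls_ssl_handshake(), instead of reading ssl->state. The struct conn record, its callbacks and the fake_* stand-ins are hypothetical; in a real program the callbacks would wrap mbedtls_ssl_handshake() and mbedtls_ssl_read() on a non-blocking socket.

```c
#include <stddef.h>

/* Same values as in mbedtls/ssl.h, repeated so the example builds without it. */
#define MBEDTLS_ERR_SSL_WANT_READ  (-0x6900)
#define MBEDTLS_ERR_SSL_WANT_WRITE (-0x6880)
#define RETRY(r) ((r) == MBEDTLS_ERR_SSL_WANT_READ || (r) == MBEDTLS_ERR_SSL_WANT_WRITE)

enum phase { HANDSHAKING, ESTABLISHED, FAILED };
/* Hypothetical application record. In real use tls is an mbedtls_ssl_context *
 * and the callbacks wrap mbedtls_ssl_handshake() and mbedtls_ssl_read(). */
struct conn {
    enum phase phase;            /* application-owned "handshake over" state */
    void *tls;
    int (*handshake)(void *tls);
    int (*read)(void *tls, unsigned char *buf, size_t len);
};

/* Run on every "socket readable" event. Returns >0: bytes of application data
 * in buf; 0: wait for the next event; <0: tear the connection down. */
int conn_on_readable(struct conn *c, unsigned char *buf, size_t len)
{
    int ret;
    if (c->phase == FAILED) return -1;
    if (c->phase == HANDSHAKING) {
        ret = c->handshake(c->tls);
        if (RETRY(ret)) return 0;          /* handshake needs more I/O */
        if (ret != 0) {                    /* hard error: never fall through to read */
            c->phase = FAILED;
            return ret;
        }
        c->phase = ESTABLISHED;
    }
    ret = c->read(c->tls, buf, len);
    if (RETRY(ret)) return 0;
    if (ret <= 0) {                        /* 0: peer closed, <0: error */
        c->phase = FAILED;
        return ret < 0 ? ret : -1;
    }
    return ret;
}

/* Constructed stand-ins for the TLS library so the example runs offline. */
struct fake_tls { int flights_left; int hs_error; };
int fake_handshake(void *p) {
    struct fake_tls *t = p;
    if (t->hs_error) return t->hs_error;
    return t->flights_left-- > 0 ? MBEDTLS_ERR_SSL_WANT_READ : 0;
}
int fake_read(void *p, unsigned char *buf, size_t len) { (void)p; (void)len; buf[0] = 'k'; return 1; }
```

Once a connection enters FAILED the handler never calls the TLS functions on it again, so a failed handshake cannot be followed by a read on the same session.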

 
Feb 8, 2018 05:17
Joshua Hendrick

What language?