PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

API for finding out if handshake is over

Jan 30, 2018 10:46


Was looking for APi which tells if handshake is over. Misses to see but saw that mbedtls internally does


Will the team accept a new API like the following. API name can be changed, if required.

int mbedtls_ssl_is_handshake_done( const mbedtls_ssl_context ssl) {

    return (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER);

Similar API can be provider to find endpoint role(client or server)

Feb 5, 2018 15:06
Ron Eldor

Hi Devchandra,
Thank you for your suggestion. However, I don't see the rationale for these two new functions.
Since the application calls mbedtls_ssl_handshake(), once the function returns successfully, it knows the handshake is over.
In addition, the application itself initiates the ssl configuration as client or server, so the application knows whether it is a client or server.
Please give a justification for these two new functions.
Mbed TLS Team member

Feb 5, 2018 17:29

Dear Ron In case event based TLS programming, whenever there is new data from network, we should know if handshake is over so that we can decide whether to call mbedtls_ssl_handshake_step or mbedtls_ssl_read.

In the current approach, user is required to either dig into codebase or some sample/example of how to check the handshake status. Making it an API will provide useful documentation and also enhance encapsulation.

For knowing the client/server role from mbedtls_ssl_context by looking at the call of mbedtls_ssl_config_defaults or ssl.conf->endpoint.Having dedicated API will help. I favor explicit APIs.

We can live with current approaches for getting role but the handshaking API, user like me will definitely appreciate it.

Feb 8, 2018 05:17
Joshua Hendrick

What language?