Mbed-TLS/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-06-05 21:15:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls_ssl_get_alert(): getter for fatal alerts

Browse Source 
Even though the TLS RFCs do not mandate libraries to expose *Error
Alerts* (as defined in RFC8446 6.2 for TLS 1.3 and in RFC5246 7.2.2 for
TLS 1.2) to the user, there are use cases when it is handy to get the
actual last received fatal error instead of a generic one. For instance
this enables the user to differ between received fatal errors in case
`mbedtls_ssl_handshake()`, `mbedtls_ssl_handshake_step()` or
`mbedtls_ssl_read()` returned `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`.

This changesets stores the last incoming fatal alert in
`mbedtls_ssl_context` and provides `mbedtls_ssl_get_alert()` as a getter
for retrieving it. Another option would be to provide a callback
mechanisms for all kinds of alerts (not only fatals) but for simplicity
I discarded this option.

Signed-off-by: Nico Geyso <ng@gsmk.de>
This commit is contained in:
Nico Geyso
2025-11-18 10:33:36 +01:00
parent abb0b22954
commit d589854611
6 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog.d/alert-getter.txt
+6
View File
@@ -0,0 +1,6 @@
Features
* Add the function mbedtls_ssl_get_alert() which returns the
last received fatal error alert type for a more generic
MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE return value from
mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step() or
mbedtls_ssl_read().