API modified so server side can get mki value

+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Johan Pascal 2020-10-26 22:45:58 +01:00
parent adbd9449ec
commit 20c7db3a67
6 changed files with 63 additions and 10 deletions


@ -3257,7 +3257,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
unsigned char *mki_value,
uint16_t mki_len );
/**
* \brief Get the negotiated DTLS-SRTP Protection Profile.
* \brief Get the negotiated DTLS-SRTP informations:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
* completed. The value returned by this function must
@ -3265,14 +3266,20 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
*
* \param ssl The SSL context to query.
*
* \return The DTLS SRTP protection profile in use. The return type is
* a direct mapping of the iana defined value for protection
* \return The negotiated DTLS-SRTP informations:
* - Protection profile in use.
* A direct mapping of the iana defined value for protection
* profile on an uint16_t.
* http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
* \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
* #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
* or peer's Hello packet was not parsed yet.
* - mki size and value (if size is > 0). These informations are valid only
* if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET.
* Ownership of the returned structure is kept by the ssl context,
* the caller must duplicate any information that must live longer than
* the context (typically MKI size and value if any)
*/
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result
( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_DTLS_SRTP */
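Review bot: The new `\return` text for `mbedtls_ssl_get_dtls_srtp_negotiation_result` leaves two things a caller needs unstated: whether the returned pointer can be `NULL`, and that the MKI bytes must be copied using the reported size rather than a fixed length. The comment does say the MKI fields are valid only when the profile is not `MBEDTLS_TLS_SRTP_UNSET`, so a caller that skips that check may read stale or unset bytes; I would make this a warning, e.g. `* \warning Check the profile against #MBEDTLS_TLS_SRTP_UNSET before reading the MKI, and copy at most the reported MKI size.` The pointer presumably refers to storage inside `ssl`, so it dangles once the context is freed, and possibly after a session reset, which the visible text does not cover; one sentence on that would close the gap. The old declaration `mbedtls_ssl_get_dtls_srtp_protection_profile` appears to be replaced rather than kept, so existing callers will stop compiling; if that is intended, it deserves a ChangeLog entry.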