From eb1bb3d2d0e69b01c7b1ada98a0a944eaccdcfed Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Mon, 4 Feb 2019 10:43:40 +0100
Subject: [PATCH 1/6] Reword ssl_conf_max_frag_len documentation to clarify its necessity
---
 include/mbedtls/ssl.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 135be0501..86ada47dd 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2755,13 +2755,18 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
 * \brief Set the maximum fragment length to emit and/or negotiate
- * (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
+ * (Typical: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
 * MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
 * (Server: set maximum fragment length to emit,
- * usually negotiated by the client during handshake
+ * usually negotiated by the client during handshake)
 * (Client: set maximum fragment length to emit *and*
 * negotiate with the server during handshake)
 *
+ * \note By default the \c mfl_code field ofthe \c mbedtls_ssl_config
+ * structure is equal `0 == MBEDTLS_SSL_MAX_FRAG_LEN_NONE`.
+ * This means the max fragment length extension *will not* be
+ * used unless set to other value via this function.
+ *
 * \note With TLS, this currently only affects ApplicationData (sent
 * with \c mbedtls_ssl_read()), not handshake messages.
 * With DTLS, this affects both ApplicationData and handshake.
From 61aa74fb3d37382475e90ba584bacab13d66038e Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Tue, 5 Feb 2019 16:49:33 +0100
Subject: [PATCH 2/6] Fix typos and miswording in the mbedtls_ssl_conf_max_frag_len documentation comment
---
 include/mbedtls/ssl.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 86ada47dd..07ecba7d4 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
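Review bot: The last \note kept as context in this hunk still says ApplicationData is "sent with \c mbedtls_ssl_read()", which names the receive call rather than the send call. Since the series rewords this same comment, that sentence should be corrected too: `(sent with \c mbedtls_ssl_write())`. The same line appears unchanged as context in the hunks of patches 2, 3 and 4, so it survives the whole series. The doc comment continues past the end of the hunk.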
@@ -2762,10 +2762,10 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 * (Client: set maximum fragment length to emit *and*
 * negotiate with the server during handshake)
 *
- * \note By default the \c mfl_code field ofthe \c mbedtls_ssl_config
- * structure is equal `0 == MBEDTLS_SSL_MAX_FRAG_LEN_NONE`.
- * This means the max fragment length extension *will not* be
- * used unless set to other value via this function.
+ * \note By default the \c mfl_code field of the \c mbedtls_ssl_config
+ * structure is equal to `0 == MBEDTLS_SSL_MAX_FRAG_LEN_NONE`.
+ * This means the maximum fragment length extension *will not*
+ * be used unless set to another value via this function.
 *
 * \note With TLS, this currently only affects ApplicationData (sent
 * with \c mbedtls_ssl_read()), not handshake messages.
From db850c63b2db10fc437c2095a9d7d9a4acd99147 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Wed, 6 Feb 2019 12:51:45 +0100
Subject: [PATCH 3/6] Reword ssl_conf_max_frag_len documentation
---
 include/mbedtls/ssl.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 07ecba7d4..ba3592a05 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2764,8 +2764,9 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 *
 * \note By default the \c mfl_code field of the \c mbedtls_ssl_config
 * structure is equal to `0 == MBEDTLS_SSL_MAX_FRAG_LEN_NONE`.
- * This means the maximum fragment length extension *will not*
- * be used unless set to another value via this function.
+ * Therefore, the maximum fragment length extension *will not*
+ * be used, unless the maximum fragment length has been set to a
+ * different value via this function.
 *
 * \note With TLS, this currently only affects ApplicationData (sent
 * with \c mbedtls_ssl_read()), not handshake messages.
From 6d72212d453e58a2e22d263900c9d51d0d3dc00b Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Fri, 8 Feb 2019 17:03:33 +0100
Subject: [PATCH 4/6] Improve clarity of mbedtls_ssl_conf_max_frag_len documentation
---
 include/mbedtls/ssl.h | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ba3592a05..b6a20ef55 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2754,19 +2754,18 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
- * \brief Set the maximum fragment length to emit and/or negotiate
- * (Typical: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
- * MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
+ * \brief Set the maximum fragment length to emit and/or negotiate.
+ * (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+ * #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
 * (Server: set maximum fragment length to emit,
 * usually negotiated by the client during handshake)
 * (Client: set maximum fragment length to emit *and*
 * negotiate with the server during handshake)
 *
- * \note By default the \c mfl_code field of the \c mbedtls_ssl_config
- * structure is equal to `0 == MBEDTLS_SSL_MAX_FRAG_LEN_NONE`.
- * Therefore, the maximum fragment length extension *will not*
- * be used, unless the maximum fragment length has been set to a
- * different value via this function.
+ * \note On the client side, the maximum fragment length extension
+ * *will not* be used, unless the maximum fragment length has
+ * been set via this function to a value different than
+ * #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
 *
 * \note With TLS, this currently only affects ApplicationData (sent
 * with \c mbedtls_ssl_read()), not handshake messages.
From abdf1c608e8bc7e613e35aa77f4ebf2905e4fed6 Mon Sep 17 00:00:00 2001
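Review bot: The rewritten \note now covers only the client, so the comment no longer says what a server does when its configuration never calls this function. The wording it replaces described the default configuration in general; after this change a reader cannot tell whether a server left at the default still honours a fragment length requested by the peer or ignores the extension. Memory-constrained deployments size their record buffers from this contract, so the server case deserves its own sentence; if the server does honour the client's request regardless of this setting (not visible in this hunk, please confirm), add `On the server side, the extension is honoured when the client requests it, whether or not this function was called.` As a minor wording point, "a value different than" reads better as "a value different from". The doc comment continues past the end of the hunk.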
From: Krzysztof Stachowiak
Date: Thu, 25 Apr 2019 16:07:37 +0200
Subject: [PATCH 5/6] Document the default value for the maximum fragment length
---
 include/mbedtls/ssl.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b6a20ef55..4b4830224 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2761,6 +2761,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
 * usually negotiated by the client during handshake)
 * (Client: set maximum fragment length to emit *and*
 * negotiate with the server during handshake)
+ * (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
 *
 * \note On the client side, the maximum fragment length extension
 * *will not* be used, unless the maximum fragment length has
From 35d3ec01a88c98cb6108450042fdaeb181e362c3 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Mon, 13 May 2019 12:11:49 +0200
Subject: [PATCH 6/6] Update change log
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 58ff14734..813908c07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,8 @@ Changes Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309. * Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. Contributed by Peter Kolbus (Garmin). + * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to + improve clarity. Fixes #2258. = mbed TLS 2.17.0 branch released 2019-03-19
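Review bot: The added `(Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)` line joins a brief that, as patch 4 shows, still opens with `(Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)`, so the comment gives two different-looking answers about the limit when the function is never called. The new line should say what the default means for record size, for example `(Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE, i.e. the extension is not negotiated and the content-length limits above apply)`. That reading is inferred from the surrounding text and should be checked against the implementation before it is written down. The doc comment starts and ends outside the hunk.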