Add access to some fields of mbedtls_ssl_ticket
#5421
Labels
good-first-issue
Good for newcomers
help-wanted
This issue is not being actively worked on, but PRs welcome.
size-s
Estimated task size: small (~2d)
Since 3.0, all fields of
mbedtls_ssl_ticket_key
andmbedtls_ssl_ticket_context
are now private. It turns out some applications where accessing them (originally reported in #5331):It should be noted that
ssl_ticket.c
is only loosely coupled with the code TLS code, and applications who wish to modify how ticket protection is handled are free to write their own implementation of the callbacks passed tombedtls_ssl_conf_session_tickets_cb()
, and use their own data structures, to which they have full access.However, in that instance it looks like the application only wants to slightly extend key management, so writing a full replacement to
ssl_ticket.c
would be a bit much for the task at hand, and it is desirable to allow applications to re-use most ofssl_ticket.c
but just modifying the bits they need by accessing struct fields.Adding direct read and write access to most fields of the structures involved is probably the simplest solution, with one exception: we don't want to expose the
mbedtls_cipher_context_t
member directly, as it's soon going to be replaced by apsa_key_id_t
(as least whenMBEDTLS_USE_PSA_CRYPTO
is enabled), see #5203. So, instead of direct field access, we should provide setter and getter functions for the key material.The text was updated successfully, but these errors were encountered: