Document code silently discarding invalid records

commit: 01692531c6c624524aa9736c2b174a84c4873ef7 [log] [tgz]
author: Andres Amaya Garcia <andres.amayagarcia@arm.com> Wed Jun 28 09:26:46 2017 +0100
committer: Simon Butcher <simon.butcher@arm.com> Thu Sep 14 20:20:31 2017 +0100
tree: 5c7226607f086df3c1ac5c1ad9017cff2a12ec8a
parent: f569f701c225770688041c114f81dd3f09be5404 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7dd55bf..b388156 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3495,6 +3495,8 @@
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
+        /* Silently ignore invalid DTLS records as recommended by RFC 6347
+         * Section 4.1.2.7 */
         if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
commit	01692531c6c624524aa9736c2b174a84c4873ef7	[log] [tgz]
author	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Wed Jun 28 09:26:46 2017 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Thu Sep 14 20:20:31 2017 +0100
tree	5c7226607f086df3c1ac5c1ad9017cff2a12ec8a
parent	f569f701c225770688041c114f81dd3f09be5404 [diff] [blame]