API modified so server side can get mki value
+ client side discards self mki if server does not support it
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 84082f3..398eb01 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3257,7 +3257,8 @@
unsigned char *mki_value,
uint16_t mki_len );
/**
- * \brief Get the negotiated DTLS-SRTP Protection Profile.
+ * \brief Get the negotiated DTLS-SRTP informations:
+ * Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
* completed. The value returned by this function must
@@ -3265,14 +3266,20 @@
*
* \param ssl The SSL context to query.
*
- * \return The DTLS SRTP protection profile in use. The return type is
- * a direct mapping of the iana defined value for protection
+ * \return The negotiated DTLS-SRTP informations:
+ * - Protection profile in use.
+ * A direct mapping of the iana defined value for protection
* profile on an uint16_t.
* http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- * \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
* or peer's Hello packet was not parsed yet.
+ * - mki size and value (if size is > 0). These informations are valid only
+ * if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET.
+ * Ownership of the returned structure is kept by the ssl context,
+ * the caller must duplicate any information that must live longer than
+ * the context (typically MKI size and value if any)
*/
-mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
+const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result
( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_DTLS_SRTP */