commit 20c7db3a678b840be578cd3e1a7044d20a23158d
author Johan Pascal <johan.pascal@belledonne-communications.com> Mon Oct 26 22:45:58 2020 +0100
committer Johan Pascal <johan.pascal@belledonne-communications.com> Thu Oct 29 01:14:50 2020 +0100
tree 28d8811377de154ffcb0be446ee48aa44f837ded
parent adbd9449ecad5ff011a3eb57cd2548900d421603

API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ddbe5ca..56a71c6 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1925,6 +1925,14 @@
                                         MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
+
+    /* If server does not use mki in its reply, make sure the client won't keep
+     * one as negotiated */
+    if( len == 5 )
+    {
+        ssl->dtls_srtp_info.mki_len = 0;
+    }
+
     /*
      * RFC5764:
      *  If the client detects a nonzero-length MKI in the server's response