Merge remote-tracking branch 'upstream-public/pr/1455' into mbedtls-2.1-restricted-proposed
diff --git a/ChangeLog b/ChangeLog
index e24eb25..9a40ead 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,7 @@
overflow. #1179
* Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
by Guido Vranken. #639
+ * Log correct number of ciphersuites used in Client Hello message. #918
* Fix the entropy.c module to ensure that mbedtls_sha256_init() or
mbedtls_sha512_init() is called before operating on the relevant context
structure. Do not assume that zeroizing a context is a correct way to
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c0c424b..415c506 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -811,6 +811,8 @@
*p++ = (unsigned char)( ciphersuites[i] );
}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
@@ -818,6 +820,7 @@
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
n++;
@@ -837,8 +840,6 @@
*q++ = (unsigned char)( n >> 7 );
*q++ = (unsigned char)( n << 1 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
#if defined(MBEDTLS_ZLIB_SUPPORT)
offer_compress = 1;
#else