commit 84dfbf488acca39c08e9e74ee029b47678800646
author Ronald Cron <ronald.cron@arm.com> Wed Feb 14 10:38:09 2024 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu Feb 15 17:19:14 2024 +0100
tree 7f5a55c059109a4982560d91627f85a988cb21db
parent 5fbd27055d15c8ac234a229389ff4e31977487a0

tls13: client: Add comment about early data in 2nd ClientHello

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index a055d4d..215c647 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1180,6 +1180,14 @@
 #endif
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
+    /* In the first ClientHello, write the early data indication extension if
+     * necessary and update the early data status.
+     * If an HRR has been received and thus we are currently writing the
+     * second ClientHello, the second ClientHello must not contain an early
+     * data extension and the early data status must stay as it is:
+     * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or
+     * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED.
+     */
     if (!ssl->handshake->hello_retry_request_flag) {
         if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
             ssl_tls13_early_data_has_valid_ticket(ssl) &&