len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-12-23 11:09:28 -05:00
Code Issues Projects Releases Packages Wiki Activity

Configure maximum fragment length extension. (#350)

Browse source
This commit is contained in:
Carl Lundin 2020-10-18 16:57:47 -07:00 committed by GitHub
parent 60ac51d7f1
commit 2eed409577
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
FreeRTOS-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos.c
View file

@ -402,6 +402,27 @@ static void setOptionalConfigurations( SSLContext_t * pSslContext,
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) ); mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
} }
} }
/* Set Maximum Fragment Length if enabled. */
#ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
if( 0 == mbedtlsError )
{
/* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
* See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
*
* Smaller values can be found in "mbedtls/include/ssl.h".
*/
mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pSslContext->config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
if( mbedtlsError != 0 )
{
LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
}
}
#endif
} }
/*-----------------------------------------------------------*/ /*-----------------------------------------------------------*/

21
FreeRTOS-Plus/Source/Application-Protocols/platform/freertos/transport/src/tls_freertos_pkcs11.c
View file

@ -393,6 +393,27 @@ static TlsTransportStatus_t tlsSetup( NetworkContext_t * pNetworkContext,
} }
} }
/* Set Maximum Fragment Length if enabled. */
#ifdef MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
if( returnStatus == TLS_TRANSPORT_SUCCESS )
{
/* Enable the max fragment extension. 4096 bytes is currently the largest fragment size permitted.
* See RFC 8449 https://tools.ietf.org/html/rfc8449 for more information.
*
* Smaller values can be found in "mbedtls/include/ssl.h".
*/
mbedtlsError = mbedtls_ssl_conf_max_frag_len( &( pNetworkContext->sslContext.config ), MBEDTLS_SSL_MAX_FRAG_LEN_4096 );
if( mbedtlsError != 0 )
{
LogError( ( "Failed to maximum fragment length extension: mbedTLSError= %s : %s.",
mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
returnStatus = TLS_TRANSPORT_INTERNAL_ERROR;
}
}
#endif
if( returnStatus == TLS_TRANSPORT_SUCCESS ) if( returnStatus == TLS_TRANSPORT_SUCCESS )
{ {
/* Perform the TLS handshake. */ /* Perform the TLS handshake. */