Make SSL error code more generic

It's undesirable to have users of the SSL layer check for an error code specific to a lower-level layer, both out of general layering principles, and also because if we later make another crypto module gain resume capabilities, we would need to change the contract again (checking for a new module-specific error code).
2026-02-19 00:39:46 +00:00 · 2018-06-13 12:02:12 +02:00
parent b5d668a7a7
commit 558da9c3fe
6 changed files with 34 additions and 11 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1516,7 +1516,7 @@ int main( int argc, char *argv[] )
    {
        if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
            ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-            ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+            ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n",
                            -ret );
@@ -1533,7 +1533,7 @@ int main( int argc, char *argv[] )
        }

 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                continue;
 #endif

@@ -1630,7 +1630,7 @@ int main( int argc, char *argv[] )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_renegotiate returned %d\n\n",
                                ret );
@@ -1695,7 +1695,7 @@ send_request:
            {
                if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                    ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                    ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                    ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                {
                    mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned -0x%x\n\n",
                                    -ret );
@@ -1721,7 +1721,7 @@ send_request:
            ret = mbedtls_ssl_write( &ssl, buf, len );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                continue;
 #endif

@@ -1779,7 +1779,7 @@ send_request:
            ret = mbedtls_ssl_read( &ssl, buf, len );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                continue;
 #endif

@@ -1844,7 +1844,7 @@ send_request:
            ret = mbedtls_ssl_read( &ssl, buf, len );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                continue;
 #endif

@@ -1911,7 +1911,7 @@ send_request:
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
                                -ret );
@@ -2010,7 +2010,7 @@ reconnect:
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
                                -ret );