Merge pull request #4801 from hanno-arm/ssl_session_exported_private
Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
diff --git a/ChangeLog.d/session_export_private.txt b/ChangeLog.d/session_export_private.txt
new file mode 100644
index 0000000..5475824
--- /dev/null
+++ b/ChangeLog.d/session_export_private.txt
@@ -0,0 +1,5 @@
+Changes
+ * Explicitly mark the fields mbedtls_ssl_session.exported and
+ mbedtls_ssl_config.respect_cli_pref as private. This was an
+ oversight during the run-up to the release of Mbed TLS 3.0.
+ The fields were never intended to be public.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3a14a58..610aa14 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -925,7 +925,7 @@
unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
- unsigned char exported;
+ unsigned char MBEDTLS_PRIVATE(exported);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@@ -1214,7 +1214,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
- unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to
+ unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the ciphersuite according to
the client's preferences rather
than ours */
#endif