This affects users manually checking for the following error codes:
MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH should never be returned from Mbed TLS, and there is no need to check for it.
Users should simply remove manual checks for those codes, and let the Mbed TLS team know if -- contrary to the team's understanding -- there is in fact a situation where one of them was ever returned.
MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE has been removed, and
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL is returned instead if the user's own certificate is too large to fit into the output buffers.
Users should check for
MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL instead, and potentially compare the size of their own certificate against the configured size of the output buffer to understand if the error is due to an overly large certificate.
MBEDTLS_ERR_SSL_BAD_HS_XXX error code have been removed.
Users should check for the newly introduced generic error codes