Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
Iotssl 460 bugfixes
diff --git a/ChangeLog b/ChangeLog
index 4c600e3..ba6ffbb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,10 @@
* It is now possible to #include a user-provided configuration file at the
end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
compiler's command line.
+ * Prepend a "thread identifier" to debug messages (issue pointed out by
+ Hugo Leisink) (#210).
+ * Add mbedtls_ssl_get_max_frag_len() to query the current maximum fragment
+ length.
= mbed TLS 2.0.0 released 2015-07-13
diff --git a/README.rst b/README.rst
index 8f5cac7..ceb92c4 100644
--- a/README.rst
+++ b/README.rst
@@ -28,6 +28,8 @@
- a more minimalistic configuration file is used by default
- depending on the yotta target, features of mbed OS will be used in examples and tests
+The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using `dlopen()`, you'll need to load `libmbedcrypto` first, then `libmbedx509`, before you can load `libmbedtls`.
+
Yotta
-----
@@ -77,7 +79,7 @@
In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
-Setting the variable SHARED in your environment will build a shared library in addition to the static library. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
+Setting the variable SHARED in your environment will build shared libraries in addition to the static libraries. Setting DEBUG gives you a debug build. You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved. Warning options may be overridden separately using WARNING_CFLAGS.
Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://tls.mbed.org/kb>`_ for articles on your platform or issue.
@@ -89,13 +91,24 @@
In order to build the source using CMake, just enter at the command line::
cmake .
-
make
+In order to run the tests, enter::
+
+ make test
+
The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with::
cmake -DENABLE_TESTING=Off .
+If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with::
+
+ programs/test/selftest
+
+To configure CMake for building shared libraries, use::
+
+ cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
+
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
- Release.
@@ -121,23 +134,19 @@
This activates the compiler warnings that depend on optimization and treats
all warnings as errors.
-Switching build modes in CMake is simple. For debug mode, enter at the command line:
+Switching build modes in CMake is simple. For debug mode, enter at the command line::
- cmake -D CMAKE_BUILD_TYPE:String="Debug" .
+ cmake -D CMAKE_BUILD_TYPE=Debug .
+
+To list other available CMake options, use::
+
+ cmake -LH
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
-In order to run the tests, enter::
-
- make test
-
-If you disabled the test suites, but kept the progams enabled, you can still run a much smaller set of tests with::
-
- programs/test/selftest
-
Microsoft Visual Studio
-----------------------
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 376de6f..17271c1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2399,7 +2399,7 @@
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* SSL options */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4f526d4..d051035 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -220,7 +220,9 @@
#endif
/*
- * Size of the input / output buffer.
+ * Maxium fragment length in bytes,
+ * determines the size of each of the two internal I/O buffers.
+ *
* Note: the RFC defines the default size of SSL / TLS messages. If you
* change the value here, other clients / servers may not be able to
* communicate with you anymore. Only change this value if you control
@@ -2025,6 +2027,26 @@
*/
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief Return the maximum fragment length (payload, in bytes).
+ * This is the value negotiated with peer if any,
+ * or the locally configured value.
+ *
+ * \note With DTLS, \c mbedtls_ssl_write() will return an error if
+ * called with a larger length value.
+ * With TLS, \c mbedtls_ssl_write() will fragment the input if
+ * necessary and return the number of bytes written; it is up
+ * to the caller to call \c mbedtls_ssl_write() again in
+ * order to send the remaining bytes if any.
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length.
+ */
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
@@ -2122,26 +2144,33 @@
int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
/**
- * \brief Write exactly 'len' application data bytes
+ * \brief Try to write exactly 'len' application data bytes
+ *
+ * \warning This function will do partial writes in some cases. If the
+ * return value is non-negative but less than length, the
+ * function must be called again with updated arguments:
+ * buf + ret, len - ret (if ret is the return value) until
+ * it returns a value equal to the last 'len' argument.
*
* \param ssl SSL context
* \param buf buffer holding the data
* \param len how many bytes must be written
*
- * \return the number of bytes written,
- * or a negative error code.
+ * \return the number of bytes actually written (may be less than len),
+ * or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
+ * or another negative error code.
*
- * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE,
+ * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
* it must be called later with the *same* arguments,
* until it returns a positive value.
*
* \note If the requested length is greater than the maximum
* fragment length (either the built-in limit or the one set
* or negotiated with the peer), then:
- * - with TLS, less bytes than requested are written. (In
- * order to write larger messages, this function should be
- * called in a loop.)
+ * - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+ * \c mbedtls_ssl_get_max_frag_len() may be used to query the
+ * active maximum fragment length.
*/
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
diff --git a/library/debug.c b/library/debug.c
index 2220e33..f9b8229 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -43,6 +43,10 @@
#define mbedtls_snprintf snprintf
#endif
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && !defined(inline)
+#define inline __inline
+#endif
+
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;
@@ -52,6 +56,27 @@
debug_threshold = threshold;
}
+/*
+ * All calls to f_dbg must be made via this function
+ */
+static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *str )
+{
+ /*
+ * If in a threaded environment, we need a thread identifier.
+ * Since there is no portable way to get one, use the address of the ssl
+ * context instead, as it shouldn't be shared between threads.
+ */
+#if defined(MBEDTLS_THREADING_C)
+ char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
+ mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
+#else
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+#endif
+}
+
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *format, ... )
@@ -86,7 +111,7 @@
str[ret + 1] = '\0';
}
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
}
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
@@ -109,7 +134,7 @@
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
text, ret, -ret );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
}
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
@@ -126,7 +151,7 @@
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@@ -140,7 +165,7 @@
if( i > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@@ -162,7 +187,7 @@
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
}
}
@@ -207,7 +232,7 @@
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
@@ -227,7 +252,7 @@
if( j > 0 )
{
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
idx = 0;
}
}
@@ -244,7 +269,7 @@
idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
}
#endif /* MBEDTLS_BIGNUM_C */
@@ -261,7 +286,7 @@
if( mbedtls_pk_debug( pk, items ) != 0 )
{
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
+ debug_send_line( ssl, level, file, line,
"invalid PK context\n" );
return;
}
@@ -282,7 +307,7 @@
mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
else
#endif
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line,
+ debug_send_line( ssl, level, file, line,
"should not happen\n" );
}
}
@@ -305,7 +330,7 @@
memcpy( str, start, len );
str[len] = '\0';
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
start = cur + 1;
}
@@ -327,7 +352,7 @@
char buf[1024];
mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
- ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+ debug_send_line( ssl, level, file, line, str );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
debug_print_line_by_line( ssl, level, file, line, buf );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 793d241..bff1b63 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3716,6 +3716,9 @@
{
int ret;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
@@ -5867,6 +5870,29 @@
return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
}
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len;
+
+ /*
+ * Assume mfl_code is correct since it was checked when set
+ */
+ max_len = mfl_code_to_length[ssl->conf->mfl_code];
+
+ /*
+ * Check if a smaller max length was negotiated
+ */
+ if( ssl->session_out != NULL &&
+ mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
+ {
+ max_len = mfl_code_to_length[ssl->session_out->mfl_code];
+ }
+
+ return max_len;
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
{
@@ -5899,6 +5925,9 @@
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl );
@@ -5918,6 +5947,9 @@
{
int ret = 0;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
@@ -6013,6 +6045,9 @@
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
#if defined(MBEDTLS_SSL_SRV_C)
/* On server, just send the request */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
@@ -6090,6 +6125,9 @@
int ret, record_read = 0;
size_t n;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -6344,23 +6382,7 @@
{
int ret;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int max_len;
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- /*
- * Assume mfl_code is correct since it was checked when set
- */
- max_len = mfl_code_to_length[ssl->conf->mfl_code];
-
- /*
- * Check if a smaller max length was negotiated
- */
- if( ssl->session_out != NULL &&
- mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
- {
- max_len = mfl_code_to_length[ssl->session_out->mfl_code];
- }
+ size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
if( len > max_len )
{
@@ -6449,6 +6471,9 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{
@@ -6484,6 +6509,9 @@
{
int ret;
+ if( ssl == NULL || ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
if( ssl->out_left != 0 )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2e0ac1e..c60e710 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1240,6 +1240,11 @@
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ mbedtls_printf( " [ Maximum fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ce76693..86b744e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1946,6 +1946,11 @@
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ mbedtls_printf( " [ Maximum fragment length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+#endif
+
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dadadf5..77db588 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1085,6 +1085,8 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
+ -c "Maximum fragment length is 16384" \
+ -s "Maximum fragment length is 16384" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -1094,6 +1096,8 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
+ -c "Maximum fragment length is 4096" \
+ -s "Maximum fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -1103,6 +1107,8 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
+ -c "Maximum fragment length is 16384" \
+ -s "Maximum fragment length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -1113,6 +1119,7 @@
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
+ -c "Maximum fragment length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
@@ -1120,6 +1127,8 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
+ -c "Maximum fragment length is 2048" \
+ -s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -1131,6 +1140,8 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
+ -c "Maximum fragment length is 2048" \
+ -s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -1143,6 +1154,8 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
+ -c "Maximum fragment length is 2048" \
+ -s "Maximum fragment length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3233,6 +3246,7 @@
-c "HTTP/1.0 200 OK"
needs_more_time 6
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 2048" \
@@ -3241,6 +3255,7 @@
-c "HTTP/1.0 200 OK"
needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -3249,6 +3264,7 @@
-c "HTTP/1.0 200 OK"
needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_SRV -dtls1 -mtu 768" \
@@ -3258,6 +3274,7 @@
requires_gnutls
needs_more_time 6
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 2048 -a" \
@@ -3268,6 +3285,7 @@
requires_gnutls
needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 512" \
@@ -3278,6 +3296,7 @@
requires_gnutls
needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_SRV -u --mtu 512" \
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 3c77ca5..98f98b0 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -25,6 +25,11 @@
*p++ = ':';
*p++ = ' ';
+#if defined(MBEDTLS_THREADING_C)
+ /* Skip "thread ID" (up to the first space) as it is not predictable */
+ while( *str++ != ' ' );
+#endif
+
memcpy( p, str, strlen( str ) );
p += strlen( str );
diff --git a/yotta/data/module.json b/yotta/data/module.json
index 6ed20ff..6add393 100644
--- a/yotta/data/module.json
+++ b/yotta/data/module.json
@@ -1,6 +1,6 @@
{
"name": "mbedtls",
- "version": "2.0.5",
+ "version": "2.0.6",
"description": "The mbed TLS crypto/SSL/TLS library",
"private": true,
"license": "GPL-2.0",
