Fix #1053: ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED on HTTP endpoint vali…

…dation "*.logic.azure.com" because new random number is generated on second "Client Hello" (#1054) Port commit "Do not generate new random number while receiving HRR": Mbed-TLS/mbedtls@35178fe
ruuvi · May 14, 2024 · bbbcf78 · bbbcf78
1 parent 2e55e98
commit bbbcf78
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/components/mbedtls/mbedtls/library/ssl_client.c b/components/mbedtls/mbedtls/library/ssl_client.c
@@ -820,10 +820,15 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
         (ssl->handshake->cookie == NULL))
 #endif
     {
-        ret = ssl_generate_random(ssl);
-        if (ret != 0) {
-            MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret);
-            return ret;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+        if (ssl->handshake->hello_retry_request_count == 0)
+#endif
+        {
+            ret = ssl_generate_random(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(1, "Random bytes generation failed", ret);
+                return ret;
+            }
         }
     }