ChangeLog.d/verify-result-default-value.txt

Changes
   * Harden mbedtls_ssl_get_verify_result() against misuse.
     If the handshake has not yet been attempted, return -1u to indicate
     that the result is not available. Previously the result of verification
     was zero-initialized so the function would return 0 (indicating success).
Add ChangeLog entry for verify_result hardening Signed-off-by: David Horstmann <david.horstmann@arm.com> 2025-10-08 10:49:24 +01:00			`Changes`
			`* Harden mbedtls_ssl_get_verify_result() against misuse.`
Reword ChangeLog entry We do not return failure, but return -1u which is documented as a value that indicates that the result is not available. Signed-off-by: David Horstmann <david.horstmann@arm.com> 2026-02-16 16:18:01 +00:00			`If the handshake has not yet been attempted, return -1u to indicate`
			`that the result is not available. Previously the result of verification`
			`was zero-initialized so the function would return 0 (indicating success).`