From a61925fa513267564ccffc35c9e5a7282b4b5e21 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 10 Jul 2019 16:53:30 +0100
Subject: [PATCH] Don't send an alert when receiving a record of unknown
 ContentType

We don't send alerts on other instances of ill-formed records,
so why should we do it here? If we want to keep it, the alerts
should rather be sent ssl_get_next_record().
---
 library/ssl_tls.c | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c7f8e4858..343590206 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4772,17 +4772,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
     if( ssl_check_record_type( ssl->in_msgtype ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS)
-        /* Silently ignore invalid DTLS records as recommended by RFC 6347
-         * Section 4.1.2.7, that is, send alert only with TLS */
-        if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
-        {
-            mbedtls_ssl_pend_fatal_alert( ssl,
-                                MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        }
-#endif /* MBEDTLS_SSL_PROTO_TLS */
-
         return( MBEDTLS_ERR_SSL_INVALID_RECORD );
     }