Merge branch 'origin/master' into fargo

Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

api/oc_buffer.c

@@ -144,11 +144,18 @@ oc_send_message(oc_message_t *message)
 
 #ifdef OC_SECURITY
 void
-oc_close_all_tls_sessions(size_t device)
+oc_close_all_tls_sessions_for_device(size_t device)
 {
   oc_process_post(&message_buffer_handler, oc_events[TLS_CLOSE_ALL_SESSIONS],
                   (oc_process_data_t)device);
 }
+
+void
+oc_close_all_tls_sessions(void)
+{
+  oc_process_poll(&(oc_tls_handler));
+  _oc_signal_event_loop();
+}
 #endif /* OC_SECURITY */
 
 OC_PROCESS_THREAD(message_buffer_handler, ev, data)

api/oc_collection.c

@@ -932,7 +932,8 @@ oc_handle_collection_request(oc_method_t method, oc_request_t *request,
         }
       } break;
       default:
-        break;
+        ecode = oc_status_code(OC_STATUS_BAD_REQUEST);
+        goto processed_request;
       }
       rep = rep->next;
     }

include/oc_api.h

@@ -149,7 +149,43 @@ typedef struct
 #endif /* OC_CLIENT */
 } oc_handler_t;
 
+/**
+ * Callback invoked during oc_init_platform(). The purpose is to add any
+ * additional platform properties that are not supplied to oc_init_platform()
+ * function call.
+ *
+ * Example:
+ * ```
+ * static void set_additional_platform_properties(void *data)
+ * {
+ *   (void)data;
+ *   // Manufactures Details Link
+ *   oc_set_custom_platform_property(mnml,
+ * "http://www.example.com/manufacture");
+ *   // Model Number
+ *   oc_set_custom_platform_property(mnmo, "Model No1");
+ *   // Date of Manufacture
+ *   oc_set_custom_platform_property(mndt,"2020/01/17");
+ *   //Serial Number
+ *   oc_set_custom_platform_property(mnsel, "1234567890");
+ * }
+ *
+ * static int app_init(void)
+ * {
+ *   int ret = oc_init_platform("My Platform",
+ * set_additional_platform_properties, NULL); ret |= oc_add_device("/oic/d",
+ * "oic.d.light", "My light", "ocf.1.0.0", "ocf.res.1.0.0", NULL, NULL); return
+ * ret;
+ * }
+ * ```
+ *
+ * @param data context pointer that comes from the oc_add_device() function
+ *
+ * @see oc_add_device
+ * @see oc_set_custom_device_property
+ */
 typedef void (*oc_init_platform_cb_t)(void *data);
+
 /**
  * Callback invoked during oc_add_device(). The purpose is to add any additional
  * device properties that are not supplied to oc_add_device() function call.
@@ -171,7 +207,8 @@ typedef void (*oc_init_platform_cb_t)(void *data);
  * }
  * ```
  *
- * @param data context pointer that comes from the oc_add_device() function
+ * @param[in] data context pointer that comes from the oc_init_platform()
+ * function
  *
  * @see oc_add_device
  * @see oc_set_custom_device_property
@@ -195,8 +232,8 @@ typedef void (*oc_add_device_cb_t)(void *data);
  *
  * Not all of the listed functions must be called before calling oc_main_init.
  *
- * @param handler struct containing pointers callback handler functions
- *                responsible for controlling the IoTivity-lite application
+ * @param[in] handler struct containing pointers callback handler functions
+ *                    responsible for controlling the IoTivity-lite application
  * @return
  *  - `0` if stack has been initialized successfully
  *  - a negative number if there is an error in stack initialization
@@ -221,8 +258,8 @@ void oc_set_factory_presets_cb(oc_factory_presets_cb_t cb, void *data);
 /**
  * Add an ocf device to the the stack.
  *
- * This function is typically called from as part of the stack initialization
- * process inside the `init` callback handler.
+ * This function is typically called as part of the stack initialization
+ * process from inside the `init` callback handler.
  *
  * The `oc_add_device` function may be called as many times as needed.
  * Each call will add a new device to the stack with its own port address.
@@ -255,8 +292,9 @@ void oc_set_factory_presets_cb(oc_factory_presets_cb_t cb, void *data);
  * @param data_model_version Spec version of the resource and device
  * specifications to which this device data model is implemtned. This is the
  * "dmv" device property
- * @param add_device_cb callback function that will be invoked once device has
- *                      been added
+ * @param add_device_cb callback function invoked during oc_add_device(). The
+ *                      purpose is to add additional device properties that are
+ *                      not supplied to oc_add_device() function call.
  * @param data context pointer that is passed to the oc_add_device_cb_t
  *
  * @return
@@ -269,12 +307,57 @@ int oc_add_device(const char *uri, const char *rt, const char *name,
                   const char *spec_version, const char *data_model_version,
                   oc_add_device_cb_t add_device_cb, void *data);
 
+/**
+ * Set custom device property
+ *
+ * The purpose is to add additional device properties that are not supplied to
+ * oc_add_device() function call. This function will likely only be used inside
+ * the oc_add_device_cb_t().
+ *
+ * @param[in] prop the name of the custom property being added to the device
+ * @param[in] value the value of the custom property being added to the device
+ *
+ * @see oc_add_device_cb_t for example code using this function
+ * @see oc_add_device
+ */
 #define oc_set_custom_device_property(prop, value)                             \
   oc_rep_set_text_string(root, prop, value)
 
+/**
+ * Initialize the platform.
+ *
+ * This function is typically called as part of the stack initialization
+ * process from inside the `init` callback handler.
+ *
+ * @param[in] mfg_name the name of the platform manufacture
+ * @param[in] init_platform_cb callback function invoked during
+ * oc_init_platform(). The purpose is to add additional device properties that
+ * are not supplied to oc_init_platform() function call.
+ * @param data context pointer that is passed to the oc_init_platform_cb_t
+ *
+ * @return
+ *   - `0` on success
+ *   - `-1` on failure
+ *
+ * @see init
+ * @see oc_init_platform_cb_t
+ */
 int oc_init_platform(const char *mfg_name,
                      oc_init_platform_cb_t init_platform_cb, void *data);
 
+/**
+ * Set custom platform property.
+ *
+ * The purpose is to add additional platfrom properties that are not supplied to
+ * oc_init_platform() function call. This function will likely only be used
+ * inside the oc_init_platform_cb_t().
+ *
+ * @param[in] prop the name of the custom property being added to the platform
+ * @param[in] value the value of the custom property being added to the platform
+ *
+ * @see oc_init_platform_cb_t for example code using this function
+ * @see oc_init_platform
+ */
 #define oc_set_custom_platform_property(prop, value)                           \
   oc_rep_set_text_string(root, prop, value)
 

include/oc_buffer.h

@@ -42,7 +42,8 @@ void oc_message_unref(oc_message_t *message);
 
 void oc_recv_message(oc_message_t *message);
 void oc_send_message(oc_message_t *message);
-void oc_close_all_tls_sessions(size_t device);
+void oc_close_all_tls_sessions_for_device(size_t device);
+void oc_close_all_tls_sessions(void);
 
 #ifdef __cplusplus
 }

include/oc_clock_util.h

@@ -13,7 +13,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 */
-
+/**
+ * @file
+ */
 #ifndef OC_CLOCK_UTIL_H
 #define OC_CLOCK_UTIL_H
 

include/oc_cloud.h

@@ -17,6 +17,9 @@
  * language governing permissions and limitations under the License.
  *
  ****************************************************************************/
+/**
+ * @file
+ */
 #ifndef OC_CLOUD_H
 #define OC_CLOUD_H
 

include/oc_pki.h

@@ -14,6 +14,14 @@
 // limitations under the License.
 */
 
+/**
+ * @file
+ *
+ * OCF public key infrastructure (PKI) functions
+ *
+ * Collection of functions used to add public key infrastructure (PKI)
+ * support to devices.
+ */
 #ifndef OC_PKI_H
 #define OC_PKI_H
 
@@ -21,27 +29,170 @@
 extern "C" {
 #endif
 
+/**
+ * OCF defined security profiles
+ *
+ * Security Profiles differentiate devices based on requirements from different
+ * verticals such as industrial, health care, or smart home.
+ *
+ * See oc_pki_set_security_profile() for a description of the each of the
+ * security profiles or reference the security profiles section of the OCF
+ * Security Specification.
+ */
 typedef enum {
-  OC_SP_BASELINE = 1 << 1,
-  OC_SP_BLACK = 1 << 2,
-  OC_SP_BLUE = 1 << 3,
-  OC_SP_PURPLE = 1 << 4
+  OC_SP_BASELINE = 1 << 1, ///< The OCF Baseline Security Profile
+  OC_SP_BLACK = 1 << 2,    ///< The OCF Black Security Profile
+  OC_SP_BLUE = 1 << 3,     ///< The OCF Blue Security Profile
+  OC_SP_PURPLE = 1 << 4    ///< The OCF Purple Security Profile
 } oc_sp_types_t;
 
+/**
+ * Add the manufactures PKI identity certificate.
+ *
+ * @param[in] device index of the logical device the identity certificate
+ *                   belongs to
+ * @param[in] cert pointer to a string containing a PEM encoded identity
+ *                 certificate
+ * @param[in] cert_size the size of the `cert` string
+ * @param[in] key the PEM encoded private key associated with this certificate
+ * @param[in] key_size the size of the `key` string
+ *
+ * @return
+ *  - the credential ID of the /oic/sec/cred entry containing the certificate
+ *    chain
+ *  - `-1` on failure
+ */
 int oc_pki_add_mfg_cert(size_t device, const unsigned char *cert,
                         size_t cert_size, const unsigned char *key,
                         size_t key_size);
 
+/**
+ * Add an intermediate manufacture CA certificate.
+ *
+ * @param[in] device index of the logical device the certificate chain belongs
+ * to
+ * @param[in] credid the credential ID of the /oic/sec/cred entry containing the
+ *                   end-entity certificate
+ * @param[in] cert pointer to a string containing a PEM encoded certificate
+ * @param[in] cert_size the size of the `cert` string
+ *
+ * @return
+ *   - the credential ID of the /oic/sec/cred entry containing the certificate
+ *     chain
+ *   - `-1` on failure
+ */
 int oc_pki_add_mfg_intermediate_cert(size_t device, int credid,
                                      const unsigned char *cert,
                                      size_t cert_size);
 
+/**
+ * Add manufacture trust anchor CA
+ *
+ * @param[in] device index of the logical device the trust anchor CA belongs to
+ * @param[in] cert pointer to a string containing a PEM encoded certificate
+ * @param[in] cert_size the size of the `cert` string
+ *
+ * @return
+ *  - the credential ID of the /oic/sec/cred entry containing the certificate
+ *    chain
+ *  - `-1` on failure
+ */
 int oc_pki_add_mfg_trust_anchor(size_t device, const unsigned char *cert,
                                 size_t cert_size);
 
+/**
+ * Add trust anchor CA
+ *
+ * @param[in] device index of the logical device the trust anchor CA belongs to
+ * @param[in] cert pointer to a string containing a PEM encoded certificate
+ * @param[in] cert_size the size of the `cert` strung
+ *
+ * @return
+ *  - the credential ID of the /oic/sec/cred entry containing the certificate
+ *    chain
+ *  - `-1` on failure
+ */
 int oc_pki_add_trust_anchor(size_t device, const unsigned char *cert,
                             size_t cert_size);
 
+/**
+ * Set the OCF Security Profile
+ *
+ * The OCF Security Specification defines several Security Profiles that can be
+ * selected based on the security requirements of different verticals such as
+ * such as industrial, health care, or smart home.
+ *
+ * There are currently five types of Security Profiles specified by OCF.
+ *
+ * Following, is a non-exhaustive summary of each Security Profile type. For
+ * more details see OCF Security Specification section regarding Security
+ * Profiles.
+ *
+ * 1. Unspecified or `0`
+ *  -  reserved for future use.
+ * 2. OC_SP_BASELINE Baseline: indicates the OCF device satisfies normative
+ *    security requirements as specified by the OCF Security Specification.
+ *    Baseline Security Profile is the default security profile if no other
+ *    profile is provided.
+ * 3. OC_SP_BLACK Black: healthcare and industrial devices with additional
+ *    security requirements are the initial target for the Black Security
+ *    Profile. Black Security Profile is for edge devices with exceptional
+ *    profiles of trust bestowed upon them. Black Security Profile must support
+ *    the following
+ *      - The device satisfies all normative security requirements
+ *      - Onboarding via OCF Rooted Certificate Chain, including PKI chain
+ *        validation
+ *      - Support for AES 128 encryption for data at rest and in transit
+ *      - Manufacturer assertion of secure credential storage
+ *      - Resource should contain credential(s) if required by the selected OTM
+ *      - The OCF Device shall include an X.509v3 certificate and the
+ *        extension's 'securityProfile' field shall specify it is an OCF Black
+ *        Security Profile
+ * 4. OC_SP_BLUE Blue: indicates the OCF device has been issued a certificate
+ *    authority from OCF. The Blue Security Profile is for an ecosystem where
+ *    platform vendors may be using devices from a different vendor. The Blue
+ *    profile gives a way to assure quality devices on a different vendors
+ *    platform. Blue Security Profile must support the following
+ *      - The device satisfies all normative security requirements
+ *      - Vender attestation that the device satisfies platform security and
+ *        privacy functionality requirements.
+ *      - The device is registered with OCF.
+ *      - The Security Profile may be digitally signed by an OCF owner signing
+ *        key.
+ *      - The OCF Device shall include an X.509v3 certificate and the
+ * extension's 'securityProfile' field shall specify it is an OCF Blue Security
+ *        Profile
+ *      - The OCF Device shall include an X.509v3 OCF CPL Attributes Extension
+ *        in its certificate.
+ *      - The device shall perform a check on the certification status of the
+ *        device and platform.
+ *      - The device shall be hosted on a secure platform.
+ *      - The device shall use AES128 equivalent or better protection for
+ *        transmitted and stored data.
+ * 5. OC_SP_PURPLE Purple: indicates the device shall be able to update its
+ *    firmware in a secure manner. Purple Security Profile must support the
+ *    following:
+ *      - Secure credential storage
+ *      - Software integrity validation
+ *      - Secure update
+ *      - If a certificate is used the OCF Device shall include an X.509v3
+ *        certificate and the extension's 'securityProfile' field shall specify
+ *        it is an OCF Purple Security Profile.
+ *      - If a certificate is used the OCF Device shall include an X.509v3
+ *        OCFCPLAttributes Extension in its End-Entity Certificate when
+ *        manufacturer certificate is used.
+ *
+ * @param[in] device index of the logical device the security profile is be set
+ * on
+ * @param[in] supported_profiles a bitwise OR list of oc_sp_types_t that are
+ *                               supported by the device. The current_profile
+ *                               value may be changed to one of the other
+ *                               supported_profiles during the onboarding
+ *                               process.
+ * @param[in] current_profile the currently selected security profile
+ * @param[in] mfg_credid the credential ID of the /oic/sec/cred entry containing
+ *                       the manufactures end-entity certificate
+ */
 void oc_pki_set_security_profile(size_t device,
                                  oc_sp_types_t supported_profiles,
                                  oc_sp_types_t current_profile, int mfg_credid);

include/oc_swupdate.h

@@ -13,7 +13,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 */
-
+/**
+  @file
+*/
 #ifndef OC_SWUPDATE_H
 #define OC_SWUPDATE_H
 

messaging/coap/coap.c

@@ -641,7 +641,7 @@ coap_parse_token_option(void *packet, uint8_t *data, uint32_t data_len,
 #ifdef OC_SPEC_VER_OIC
           && coap_pkt->content_format != APPLICATION_CBOR
 #endif /* OC_SPEC_VER_OIC */
-          )
+      )
         return UNSUPPORTED_MEDIA_TYPE_4_15;
       break;
     case COAP_OPTION_MAX_AGE:
@@ -665,7 +665,7 @@ coap_parse_token_option(void *packet, uint8_t *data, uint32_t data_len,
 #ifdef OC_SPEC_VER_OIC
           && coap_pkt->accept != APPLICATION_CBOR
 #endif /* OC_SPEC_VER_OIC */
-          )
+      )
         return NOT_ACCEPTABLE_4_06;
       break;
 #if 0
@@ -796,7 +796,7 @@ coap_parse_token_option(void *packet, uint8_t *data, uint32_t data_len,
 #ifdef OC_SPEC_VER_OIC
           && version != OIC_VER_1_1_0
 #endif /* OC_SPEC_VER_OIC */
-          ) {
+      ) {
         OC_WRN("Unsupported version %d %u", option_number, version);
         return UNSUPPORTED_MEDIA_TYPE_4_15;
       }
@@ -826,9 +826,9 @@ coap_tcp_set_header_fields(void *packet, uint8_t *num_extended_length_bytes,
   coap_pkt->buffer[0] = 0x00;
   coap_pkt->buffer[0] |=
     COAP_TCP_HEADER_LEN_MASK & (*len) << COAP_TCP_HEADER_LEN_POSITION;
-  coap_pkt->buffer[0] |= COAP_HEADER_TOKEN_LEN_MASK &
-                         (coap_pkt->token_len)
-                           << COAP_HEADER_TOKEN_LEN_POSITION;
+  coap_pkt->buffer[0] |=
+    COAP_HEADER_TOKEN_LEN_MASK & (coap_pkt->token_len)
+                                   << COAP_HEADER_TOKEN_LEN_POSITION;
 
   int i = 0;
   for (i = 1; i <= *num_extended_length_bytes; i++) {
@@ -977,11 +977,11 @@ coap_udp_set_header_fields(void *packet)
   coap_pkt->buffer[0] = 0x00;
   coap_pkt->buffer[0] |= COAP_HEADER_VERSION_MASK &
                          (coap_pkt->version) << COAP_HEADER_VERSION_POSITION;
+  coap_pkt->buffer[0] |= COAP_HEADER_TYPE_MASK & (coap_pkt->type)
+                                                   << COAP_HEADER_TYPE_POSITION;
   coap_pkt->buffer[0] |=
-    COAP_HEADER_TYPE_MASK & (coap_pkt->type) << COAP_HEADER_TYPE_POSITION;
-  coap_pkt->buffer[0] |= COAP_HEADER_TOKEN_LEN_MASK &
-                         (coap_pkt->token_len)
-                           << COAP_HEADER_TOKEN_LEN_POSITION;
+    COAP_HEADER_TOKEN_LEN_MASK & (coap_pkt->token_len)
+                                   << COAP_HEADER_TOKEN_LEN_POSITION;
   coap_pkt->buffer[1] = coap_pkt->code;
   coap_pkt->buffer[2] = (uint8_t)((coap_pkt->mid) >> 8);
   coap_pkt->buffer[3] = (uint8_t)(coap_pkt->mid);
@@ -1268,7 +1268,7 @@ coap_set_token(void *packet, const uint8_t *token, size_t token_len)
 
   return coap_pkt->token_len;
 }
-#ifdef OC_CLIENT
+
 int
 coap_get_header_content_format(void *packet, unsigned int *format)
 {
@@ -1280,7 +1280,7 @@ coap_get_header_content_format(void *packet, unsigned int *format)
   *format = coap_pkt->content_format;
   return 1;
 }
-#endif
+
 int
 coap_set_header_content_format(void *packet, unsigned int format)
 {
@@ -1302,7 +1302,6 @@ coap_get_header_accept(void *packet, unsigned int *accept)
   *accept = coap_pkt->accept;
   return 1;
 }
-#ifdef OC_CLIENT
 int
 coap_set_header_accept(void *packet, unsigned int accept)
 {
@@ -1312,7 +1311,6 @@ coap_set_header_accept(void *packet, unsigned int accept)
   SET_OPTION(coap_pkt, COAP_OPTION_ACCEPT);
   return 1;
 }
-#endif
 /*---------------------------------------------------------------------------*/
 #if 0
 int coap_get_header_max_age(void *packet, uint32_t *age)

messaging/coap/engine.c

@@ -316,10 +316,15 @@ coap_receive(oc_message_t *msg)
                 goto send_message;
               } else {
                 OC_DBG("received all blocks for payload");
+                if (message->type == COAP_TYPE_CON) {
+                  coap_send_empty_ack(message->mid, &msg->endpoint);
+                }
                 coap_udp_init_message(response, COAP_TYPE_CON, CONTENT_2_05,
-                                      response->mid);
+                                      coap_get_mid());
+                transaction->mid = response->mid;
                 coap_set_header_block1(response, block1_num, block1_more,
                                        block1_size);
+                coap_set_header_accept(response, APPLICATION_VND_OCF_CBOR);
                 request_buffer->payload_size =
                   request_buffer->next_block_offset;
                 request_buffer->ref_count = 0;
@@ -331,12 +336,6 @@ coap_receive(oc_message_t *msg)
           goto init_reset_message;
         } else if (block2) {
           OC_DBG("processing block2 option");
-          unsigned int accept = 0;
-          if (coap_get_header_accept(message, &accept) == 1) {
-            coap_set_header_content_format(response, accept);
-          } else {
-            coap_set_header_content_format(response, APPLICATION_VND_OCF_CBOR);
-          }
           response_buffer = oc_blockwise_find_response_buffer(
             href, href_len, &msg->endpoint, message->code, message->uri_query,
             message->uri_query_len, OC_BLOCKWISE_SERVER);
@@ -359,9 +358,16 @@ coap_receive(oc_message_t *msg)
                                ? 1
                                : 0;
               if (more == 0) {
+                if (message->type == COAP_TYPE_CON) {
+                  coap_send_empty_ack(message->mid, &msg->endpoint);
+                }
                 coap_udp_init_message(response, COAP_TYPE_CON, CONTENT_2_05,
-                                      response->mid);
+                                      coap_get_mid());
+                transaction->mid = response->mid;
+                coap_set_header_accept(response, APPLICATION_VND_OCF_CBOR);
               }
+              coap_set_header_content_format(response,
+                                             APPLICATION_VND_OCF_CBOR);
               coap_set_payload(response, payload, payload_size);
               coap_set_header_block2(response, block2_num, more, block2_size);
               oc_blockwise_response_state_t *response_state =
@@ -772,7 +778,7 @@ send_message:
 
 #ifdef OC_SECURITY
   if (coap_status_code == CLOSE_ALL_TLS_SESSIONS) {
-    oc_close_all_tls_sessions(msg->endpoint.device);
+    oc_close_all_tls_sessions_for_device(msg->endpoint.device);
   }
 #endif /* OC_SECURITY */
 

port/linux/ipadapter.c

@@ -645,6 +645,7 @@ process_interface_change_event(void)
   }
 
   if (if_state_changed) {
+    oc_close_all_tls_sessions();
     for (i = 0; i < num_devices; i++) {
       ip_context_t *dev = get_ip_context_for_device(i);
       oc_network_event_handler_mutex_lock();

security/oc_pstat.c

@@ -192,7 +192,7 @@ oc_pstat_handle_state(oc_sec_pstat_t *ps, size_t device, bool from_storage,
     oc_factory_presets_t *fp = oc_get_factory_presets_cb();
     if (fp->cb != NULL) {
       if (self_reset) {
-        oc_tls_close_all_connections(device);
+        oc_close_all_tls_sessions_for_device(device);
       }
       memcpy(&pstat[device], ps, sizeof(oc_sec_pstat_t));
       OC_DBG("oc_pstat: invoking the factory presets callback");

security/oc_tls.c

@@ -1247,20 +1247,6 @@ oc_tls_add_peer(oc_endpoint_t *endpoint, int role)
   return peer;
 }
 
-void
-oc_tls_close_all_connections(size_t device)
-{
-  OC_DBG("oc_tls: closing all open (D)TLS sessions on device %zd", device);
-  oc_tls_peer_t *p = oc_list_head(tls_peers), *next;
-  while (p != NULL) {
-    next = p->next;
-    if (p->endpoint.device == device) {
-      oc_tls_close_connection(&p->endpoint);
-    }
-    p = next;
-  }
-}
-
 void
 oc_tls_shutdown(void)
 {
@@ -1778,15 +1764,35 @@ oc_tls_recv_message(oc_message_t *message)
 }
 
 static void
-close_all_active_tls_sessions(size_t device)
+close_all_tls_sessions_for_device(size_t device)
+{
+  OC_DBG("oc_tls: closing all open (D)TLS sessions on device %zd", device);
+  oc_tls_peer_t *p = oc_list_head(tls_peers), *next;
+  while (p != NULL) {
+    next = p->next;
+    if (p->endpoint.device == device) {
+      oc_tls_close_connection(&p->endpoint);
+    }
+    p = next;
+  }
+}
+
+static void
+close_all_tls_sessions(void)
 {
-  oc_tls_close_all_connections(device);
+  OC_DBG("oc_tls: closing all open (D)TLS sessions on all devices");
+  oc_tls_peer_t *p = oc_list_head(tls_peers), *next;
+  while (p != NULL) {
+    next = p->next;
+    oc_tls_close_connection(&p->endpoint);
+    p = next;
+  }
 }
 
 OC_PROCESS_THREAD(oc_tls_handler, ev, data)
 {
+  OC_PROCESS_POLLHANDLER(close_all_tls_sessions());
   OC_PROCESS_BEGIN();
-
   while (1) {
     OC_PROCESS_YIELD();
 
@@ -1812,7 +1818,7 @@ OC_PROCESS_THREAD(oc_tls_handler, ev, data)
 #endif /* OC_CLIENT */
     else if (ev == oc_events[TLS_CLOSE_ALL_SESSIONS]) {
       size_t device = (size_t)data;
-      close_all_active_tls_sessions(device);
+      close_all_tls_sessions_for_device(device);
     }
   }
 

security/oc_tls.h

@@ -63,7 +63,7 @@ int oc_tls_init_context(void);
 void oc_tls_shutdown(void);
 
 void oc_tls_close_connection(oc_endpoint_t *endpoint);
-void oc_tls_close_all_connections(size_t device);
+
 bool oc_sec_derive_owner_psk(oc_endpoint_t *endpoint, const uint8_t *oxm,
                              const size_t oxm_len, const uint8_t *server_uuid,
                              const size_t server_uuid_len,