Our TLS code cannot block during the TLS handshake, so we use mbedtls_ssl_handshake_step() instead of mbedtls_ssl_handshake(), and on WANT_READ or WANT_WRITE we exit to allow the IO to be handled. Prior to 3.1, we determined that the handshake was complete based on mbedtls_ssl_handshake_step() returning OK and ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER. However, in 3.1, ssl->state is marked as private.
So, is it safe to assume that if mbedtls_ssl_handshake_step() returns OK, then the handshake has successfully completed?