Mark all code blocks as C

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2021-06-30 19:11:22 +01:00
parent a014831732
commit 10963278e7

View file

@ -725,7 +725,7 @@ If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuri
### SSL key export interface change ### SSL key export interface change
This affects users of the SSL key export APIs: This affects users of the SSL key export APIs:
``` ```C
mbedtls_ssl_conf_export_keys_cb() mbedtls_ssl_conf_export_keys_cb()
mbedtls_ssl_conf_export_keys_ext_cb() mbedtls_ssl_conf_export_keys_ext_cb()
``` ```
@ -876,7 +876,7 @@ Those users will need to modify the API of their session cache
implementation to that of a key-value store with keys being implementation to that of a key-value store with keys being
session IDs and values being instances of `mbedtls_ssl_session`: session IDs and values being instances of `mbedtls_ssl_session`:
``` ```C
typedef int mbedtls_ssl_cache_get_t( void *data, typedef int mbedtls_ssl_cache_get_t( void *data,
unsigned char const *session_id, unsigned char const *session_id,
size_t session_id_len, size_t session_id_len,
@ -992,7 +992,7 @@ The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `M
The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing. The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing.
If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224: If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224:
``` ```C
mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
``` ```