Allow configuring MBEDTLS_TLS_EXT_CID at compile time

The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-04-24 13:35:41 +02:00 committed by Manuel Pégourié-Gonnard
parent 2aec149e13
commit 7dd2f504b3
3 changed files with 21 additions and 1 deletions

View file

@ -0,0 +1,3 @@
Features
* The identifier of the CID TLS extension can be configured by defining
MBEDTLS_TLS_EXT_CID at compile time.

View file

@ -3194,6 +3194,17 @@
//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
/** \def MBEDTLS_TLS_EXT_CID
*
* At the time of writing, the CID extension has not been assigned its
* final value. Set this configuration option to make Mbed TLS use a
* different value.
*
* A future minor revision of Mbed TLS may change the default value of
* this option to match evolving standards and usage.
*/
//#define MBEDTLS_TLS_EXT_CID 254
/**
* Complete list of ciphersuites to use, in order of preference.
*

View file

@ -425,8 +425,14 @@
/* The value of the CID extension is still TBD as of
* draft-ietf-tls-dtls-connection-id-05
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
* (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
*
* A future minor revision of Mbed TLS may change the default value of
* this option to match evolving standards and usage.
*/
#if !defined(MBEDTLS_TLS_EXT_CID)
#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
#endif
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */