Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
This commit is contained in:
parent
a1051b4e9a
commit
fe4ef0c1ae
2 changed files with 13 additions and 2 deletions
|
@ -280,6 +280,14 @@
|
||||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
|
||||||
|
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||||
|
( !defined(MBEDTLS_SHA256_C) && \
|
||||||
|
!defined(MBEDTLS_SHA512_C) && \
|
||||||
|
!defined(MBEDTLS_SHA1_C) )
|
||||||
|
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
|
||||||
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
|
||||||
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
|
#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
|
||||||
|
|
|
@ -787,7 +787,8 @@ typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
|
||||||
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
|
||||||
|
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
|
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
|
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
|
||||||
|
@ -799,9 +800,11 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
||||||
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
|
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
|
||||||
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
|
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
|
||||||
#else
|
#else
|
||||||
|
/* This is already checked in check_config.h, but be sure. */
|
||||||
#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
|
#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
|
||||||
|
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This structure is used for storing current session data.
|
* This structure is used for storing current session data.
|
||||||
|
|
Loading…
Reference in a new issue