d1100b0b45
Disable ticket module if either the TLS server or the support for session tickets is not enabled at build time as in that case the ticket module is not used by the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
81 lines
2.9 KiB
C
81 lines
2.9 KiB
C
/**
|
|
* \file mbedtls/config_adjust_ssl.h
|
|
* \brief Adjust TLS configuration
|
|
*
|
|
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
|
|
* configurations need to be explicitly enabled by the user: enabling
|
|
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
|
|
* compilation error. However, we do automatically enable certain options
|
|
* in some circumstances. One case is if MBEDTLS_xxx_B is an internal option
|
|
* used to identify parts of a module that are used by other module, and we
|
|
* don't want to make the symbol MBEDTLS_xxx_B part of the public API.
|
|
* Another case is if A didn't depend on B in earlier versions, and we
|
|
* want to use B in A but we need to preserve backward compatibility with
|
|
* configurations that explicitly activate MBEDTLS_xxx_A but not
|
|
* MBEDTLS_xxx_B.
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
|
|
#define MBEDTLS_CONFIG_ADJUST_SSL_H
|
|
|
|
/* The following blocks make it easier to disable all of TLS,
|
|
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
|
|
* key exchanges, options and extensions related to them. */
|
|
|
|
#if !defined(MBEDTLS_SSL_TLS_C)
|
|
#undef MBEDTLS_SSL_CLI_C
|
|
#undef MBEDTLS_SSL_SRV_C
|
|
#undef MBEDTLS_SSL_PROTO_TLS1_3
|
|
#undef MBEDTLS_SSL_PROTO_TLS1_2
|
|
#undef MBEDTLS_SSL_PROTO_DTLS
|
|
#endif
|
|
|
|
#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS))
|
|
#undef MBEDTLS_SSL_TICKET_C
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
|
|
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
|
|
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
|
#undef MBEDTLS_SSL_DTLS_SRTP
|
|
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
|
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
|
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
|
|
#undef MBEDTLS_SSL_RENEGOTIATION
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
|
#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
|
#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
|
#undef MBEDTLS_SSL_EARLY_DATA
|
|
#undef MBEDTLS_SSL_RECORD_SIZE_LIMIT
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
|
(defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
|
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
|
|
#define MBEDTLS_SSL_TLS1_2_SOME_ECC
|
|
#endif
|
|
|
|
#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */
|