lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-22 04:01:53 +03:00
Code Activity

Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

Browse Source
This commit is contained in:
Hanno Becker
2019-02-26 11:43:09 +00:00
parent a1051b4e9a
commit fe4ef0c1ae
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/mbedtls/ssl.h
View File

@ -787,7 +787,8 @@ typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
#if defined(MBEDTLS_SHA256_C)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
@ -799,9 +800,11 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20
#else
/* This is already checked in check_config.h, but be sure. */
#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
#endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*
* This structure is used for storing current session data.