eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'tls/development' into development

Browse source 
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
This commit is contained in:
Jaeden Amero 2019-04-17 12:12:24 +01:00
commit 521dbc67da
46 changed files with 1558 additions and 1189 deletions
Download patch file Download diff file Expand all files Collapse all files

19
include/mbedtls/config.h
View file

@ -1791,6 +1791,25 @@
*/
//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
*
* If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
* and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
* the set of trusted certificates through a callback instead of a linked
* list.
*
* This is useful for example in environments where a large number of trusted
* certificates is present and storing them in a linked list isn't efficient
* enough, or when the set of trusted certificates changes frequently.
*
* See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
* `mbedtls_ssl_conf_ca_cb()` for more information.
*
* Uncomment to enable trusted certificate callbacks.
*/
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
/**
* \def MBEDTLS_X509_CHECK_KEY_USAGE
*