Allow configuring MBEDTLS_TLS_EXT_CID at compile time

The numerical identifier of the CID extension hasn't been settled yet and different implementations use values from different drafts. Allow configuring the value at compile time. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-24 13:35:41 +02:00 · 2021-04-24 13:35:41 +02:00 · 7dd2f504b3
commit 7dd2f504b3
parent 2aec149e13
3 changed files with 21 additions and 1 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -425,8 +425,14 @@

 /* The value of the CID extension is still TBD as of
 * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
+ *
+ * A future minor revision of Mbed TLS may change the default value of
+ * this option to match evolving standards and usage.
+ */
+#if !defined(MBEDTLS_TLS_EXT_CID)
 #define MBEDTLS_TLS_EXT_CID                        254 /* TBD */
+#endif

 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */