From 9627202d3ae7f47ec0fb1b299433fb556a261622 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 12 Dec 2020 07:33:20 -0500 Subject: [PATCH] Move MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION to baremetal config Signed-off-by: Andrzej Kurek --- configs/baremetal.h | 3 +++ include/mbedtls/config.h | 2 +- scripts/config.pl | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/configs/baremetal.h b/configs/baremetal.h index e49a52c71..43a488c2f 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -160,7 +160,10 @@ /* Fault Injection Countermeasures */ #define MBEDTLS_FI_COUNTERMEASURES #define MBEDTLS_CCM_SHUFFLING_MASKING + /* Further optimizations */ +#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE #define MBEDTLS_IMMEDIATE_TRANSMISSION #define MBEDTLS_EARLY_KEY_COMPUTATION diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c675cbde1..3c3c1ce56 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -47,7 +47,7 @@ * certificates on the client side. * */ -#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION +//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION /** * \def MBEDTLS_HAVE_ASM diff --git a/scripts/config.pl b/scripts/config.pl index f3b9da6a9..d9aef53db 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -62,6 +62,7 @@ # MBEDTLS_OPTIMIZE_TINYCRYPT_ASM # MBEDTLS_AES_128_BIT_MASKED # MBEDTLS_PLATFORM_FAULT_CALLBACKS +# MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE # MBEDTLS_IMMEDIATE_TRANSMISSION # MBEDTLS_EARLY_KEY_COMPUTATION @@ -153,6 +154,7 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY MBEDTLS_OPTIMIZE_TINYCRYPT_ASM MBEDTLS_AES_128_BIT_MASKED MBEDTLS_PLATFORM_FAULT_CALLBACKS +MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION MBEDTLS_SSL_FREE_SERVER_CERTIFICATE MBEDTLS_IMMEDIATE_TRANSMISSION MBEDTLS_EARLY_KEY_COMPUTATION