mbedtls/configs
Hanno Becker b0b2b67568 Allow compile-time configuration of legacy renegotiation
Introduces MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION
allowing to configure enforcing secure renegotiation at
compile-time.

Impact on code-size:

|  | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` after  | 23379 | 23929 | 27727 |
| `libmbedtls.a` before | 23307 | 23865 | 27615 |
| gain in Bytes | 72 | 64 | 112 |
2019-07-02 16:41:34 +01:00
..
baremetal_test.h Correct ECP optimization params in baremetal_test.sh 2019-04-03 12:04:32 +01:00
baremetal.h Allow compile-time configuration of legacy renegotiation 2019-07-02 16:41:34 +01:00
config-ccm-psk-tls1_2.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-mini-tls1_1.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-no-entropy.h Add a disabled CMAC define in the no-entropy configuration 2018-06-06 13:55:05 +02:00
config-suite-b.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-thread.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
README.txt Fix typo in configs/README.txt file 2017-10-06 11:58:50 +01:00

This directory contains example configuration files.

The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.

These files are complete replacements for the default config.h. To use one of
them, you can pick one of the following methods:

1. Replace the default file include/mbedtls/config.h with the chosen one.
   (Depending on your compiler, you may need to adjust the line with
   #include "mbedtls/check_config.h" then.)

2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
   For example, using make:

    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make

   Or, using cmake:

    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
    make

Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.