Add configuration option to remove peer CRT after handshake
This commit is contained in:
parent
869144b3e9
commit
b90f655a78
|
@ -1404,6 +1404,28 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_FALLBACK_SCSV
|
#define MBEDTLS_SSL_FALLBACK_SCSV
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||||
|
*
|
||||||
|
* This option controls the presence of the API mbedtls_ssl_get_peer_cert()
|
||||||
|
* giving access to the peer's certificate after completion of the handshake.
|
||||||
|
*
|
||||||
|
* Unless you need mbedtls_ssl_peer_cert() in your application, it is
|
||||||
|
* recommended to disable this option for reduced RAM usage.
|
||||||
|
*
|
||||||
|
* \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
|
||||||
|
* defined, but always returns \c NULL.
|
||||||
|
*
|
||||||
|
* \note This option has no influence on the protection against the
|
||||||
|
* triple handshake attack. Even if it is disabled, Mbed TLS will
|
||||||
|
* still ensure that certificates do not change during renegotiation,
|
||||||
|
* for exaple by keeping a hash of the peer's certificate.
|
||||||
|
*
|
||||||
|
* Comment this macro to disable storing the peer's certificate
|
||||||
|
* after the handshake.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
|
* \def MBEDTLS_SSL_HW_RECORD_ACCEL
|
||||||
*
|
*
|
||||||
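Review bot: The new documentation block for MBEDTLS_SSL_KEEP_PEER_CERTIFICATE names the API inconsistently: the recommendation sentence refers to `mbedtls_ssl_peer_cert()` while the rest of the block (and the ssl.h hunk in this commit) uses `mbedtls_ssl_get_peer_cert()`, so it should read `* Unless you need mbedtls_ssl_get_peer_cert() in your application, it is`. The same block has a typo in the triple-handshake note, which should read `* for example by keeping a hash of the peer's certificate.`. That note promises that certificates are still checked for changes across renegotiation when the option is disabled; the header hunk cannot show that being enforced, so it is worth confirming that the corresponding library change in this commit actually retains a digest of the peer certificate in that configuration, since the doc comment is what integrators will rely on when disabling the option to save RAM.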
|
|
|
@ -3240,8 +3240,12 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
|
||||||
* \param ssl The SSL context to use. This must be initialized and setup.
|
* \param ssl The SSL context to use. This must be initialized and setup.
|
||||||
*
|
*
|
||||||
* \return The current peer certificate, or \c NULL if
|
* \return The current peer certificate, or \c NULL if
|
||||||
* none is available. It is owned by the SSL context
|
* none is available, which might be because the chosen
|
||||||
* and valid only until the next call to the SSL API.
|
* ciphersuite does not use peer certificates, or because
|
||||||
|
* #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled.
|
||||||
|
* If this functions does not return \c NULL, the returned
|
||||||
|
* certificate is owned by the SSL context and valid only
|
||||||
|
* until the next call to the SSL API.
|
||||||
*
|
*
|
||||||
* \note For one-time inspection of the peer's certificate during
|
* \note For one-time inspection of the peer's certificate during
|
||||||
* the handshake, consider registering an X.509 CRT verification
|
* the handshake, consider registering an X.509 CRT verification
|
||||||
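Review bot: The rewritten \return text has a grammar slip on the new line `* If this functions does not return \c NULL, the returned`, which should read `* If this function does not return \c NULL, the returned`. The new text also introduces a third reason for a NULL result (the option being disabled) without telling callers how to distinguish it from "no certificate was presented"; a short \note such as `* \note Applications that require access to the peer certificate should check at build time that #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled.` would avoid callers silently treating a build-configuration choice as a handshake-level absence. The enclosing doc comment for mbedtls_ssl_get_peer_cert() begins before this hunk and continues after it.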
|
|