From f336c7ea7185e9e8624793edebd1adcaf4aea6db Mon Sep 17 00:00:00 2001
From: Hannes Tschofenig
Date: Thu, 3 Dec 2020 15:47:47 +0100
Subject: [PATCH] Adding delayed server cert verification config option
---
 include/mbedtls/config.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ee25107d2..ebc28306c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -40,6 +40,15 @@
  * \{
  */
 
+/**
+ * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+ *
+ * Enable the delayed verification of server
+ * certificates on the client side.
+ *
+ */
+#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+
 /**
  * \def MBEDTLS_HAVE_ASM
  *
@@ -1592,6 +1601,20 @@
  */
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 
+/**
+ * \def MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+ *
+ * This option controls determines whether the server certificate is discarded
+ * after a handshake when the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled.
+ *
+ * Use of this option is useful in combined with the delayed certificate verification
+ * when the server certificate has to be kept for the duration of the handshake
+ * but not afterwards.
+ *
+ */
+#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+
+
 /**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
  *
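Review bot: `MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION` is added as an active `#define`, so every build that uses this default config.h has the option switched on; an option that changes when the client authenticates the server should be opt-in, e.g. `//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION`. The same applies to `MBEDTLS_SSL_FREE_SERVER_CERTIFICATE` in the second hunk. The doc comment should also state until which point verification is deferred, what the application has to do to complete it, and what a successful handshake means while the certificate is still unverified, because none of that can be read from the two lines given. The define is placed directly before `MBEDTLS_HAVE_ASM` at the start of a section rather than next to the `MBEDTLS_SSL_*` options touched by the second hunk, which looks unintentional.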
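Review bot: The description of `MBEDTLS_SSL_FREE_SERVER_CERTIFICATE` is hard to parse ("controls determines", "useful in combined with") and never states its dependency. Suggested first sentence: `This option determines whether the server certificate is discarded after the handshake when MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled.`, followed by a `Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` line. It should also say what code that reads the peer certificate after the handshake will observe once this is set, since the option appears to change what `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` provides to such callers. The hunk also leaves two blank lines after the define where the surrounding context uses one.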