From f3400da3cadbbf3c106ab76ca833b3c48c7f470e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 13 Jun 2019 12:36:31 +0100
Subject: [PATCH] Don't incl. CAs in CertReq message in baremetal build

This commit modifies the baremetal configuration to disables the inclusion
of the list of accepted CAs in the CertificateRequest message sent by the
server.

Impact on code-size:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23099 | 23781 | 26639 |
| `libmbedtls.a` before  | 22995 | 23689 | 26515 |
| gain in Bytes | 104 | 92 | 124 |
---
 configs/baremetal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/baremetal.h b/configs/baremetal.h
index 399b6e515..e61538459 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -80,7 +80,7 @@
 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
 
 /* Compile-time fixed parts of the SSL configuration */
-#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
+#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
 #define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000
 #define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX 16000