mbedtls/configs
Hanno Becker e965bd397e Allow hardcoding of min/max minor/major SSL version at compile-time
This commit introduces the numeric compile-time constants

- MBEDTLS_SSL_CONF_MIN_MINOR_VER
- MBEDTLS_SSL_CONF_MAX_MINOR_VER
- MBEDTLS_SSL_CONF_MIN_MAJOR_VER
- MBEDTLS_SSL_CONF_MAX_MAJOR_VER

which, when defined, overwrite the runtime configurable fields
mbedtls_ssl_config::min_major_ver etc. in the SSL configuration.

As for the preceding case of the ExtendedMasterSecret configuration,
it also introduces and puts to use getter functions for these variables
which evaluate to either a field access or the macro value, maintaining
readability of the code.

The runtime configuration API mbedtls_ssl_conf_{min|max}_version()
is kept for now but has no effect if MBEDTLS_SSL_CONF_XXX are set.
This is likely to be changed in a later commit but deliberately omitted
for now, in order to be able to study code-size benefits earlier in the
process.
2019-07-12 15:14:51 +01:00
..
baremetal.h Allow hardcoding of min/max minor/major SSL version at compile-time 2019-07-12 15:14:51 +01:00
baremetal_test.h Allow compile-time configuration of PRNG in SSL module 2019-07-04 10:27:41 +01:00
config-ccm-psk-tls1_2.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-mini-tls1_1.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-no-entropy.h Add a disabled CMAC define in the no-entropy configuration 2018-06-06 13:55:05 +02:00
config-suite-b.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
config-thread.h Use negated option for controlling TLS support. 2019-06-17 15:26:34 +02:00
README.txt Fix typo in configs/README.txt file 2017-10-06 11:58:50 +01:00

This directory contains example configuration files.

The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.

These files are complete replacements for the default config.h. To use one of
them, you can pick one of the following methods:

1. Replace the default file include/mbedtls/config.h with the chosen one.
   (Depending on your compiler, you may need to adjust the line with
   #include "mbedtls/check_config.h" then.)

2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
   For example, using make:

    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make

   Or, using cmake:

    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
    make

Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.