mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-05-30 06:27:03 +00:00
f765ce617f
If the ExtendedMasterSecret extension is configured at compile-time by setting MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET and/or MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET, the runtime configuration APIs mbedtls_ssl_conf_extended_master_secret() and mbedtls_ssl_conf_extended_master_secret_enforce() must either be removed or modified to take no effect (or at most check that the runtime value matches the hardcoded one, but that would undermine the code-size benefits the hardcoding is supposed to bring in the first place). Previously, the API was kept but modified to have no effect. While convenient for us because we don't have to adapt example applications, this comes at the danger of users calling the runtime configuration API, forgetting that the respective fields are potentially already hardcoded at compile-time - and hence silently using a configuration they don't intend to use. This commit changes the approach to removing the configuration API in case the respective field is hardcoded at compile-time, and exemplifies it in the only case implemented so far, namely the configuration of the ExtendedMasterSecret extension. It adapts ssl_client2 and ssl_server2 by omitting the call to the corresponding API if MBEDTLS_SSL_CONF_XXX are defined and removing the command line parameters for the runtime configuration of the ExtendedMasterSecret extension. |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| dtls_client.c | ||
| dtls_server.c | ||
| mini_client.c | ||
| query_config.c | ||
| ssl_client1.c | ||
| ssl_client2.c | ||
| ssl_fork_server.c | ||
| ssl_mail_client.c | ||
| ssl_pthread_server.c | ||
| ssl_server.c | ||
| ssl_server2.c | ||