mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-16 22:20:56 +00:00
Mark all code blocks as C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
a014831732
commit
10963278e7
@ -725,7 +725,7 @@ If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuri
|
||||
### SSL key export interface change
|
||||
|
||||
This affects users of the SSL key export APIs:
|
||||
```
|
||||
```C
|
||||
mbedtls_ssl_conf_export_keys_cb()
|
||||
mbedtls_ssl_conf_export_keys_ext_cb()
|
||||
```
|
||||
@ -876,7 +876,7 @@ Those users will need to modify the API of their session cache
|
||||
implementation to that of a key-value store with keys being
|
||||
session IDs and values being instances of `mbedtls_ssl_session`:
|
||||
|
||||
```
|
||||
```C
|
||||
typedef int mbedtls_ssl_cache_get_t( void *data,
|
||||
unsigned char const *session_id,
|
||||
size_t session_id_len,
|
||||
@ -992,7 +992,7 @@ The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `M
|
||||
The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing.
|
||||
|
||||
If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224:
|
||||
```
|
||||
```C
|
||||
mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
|
||||
my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user