Remove obsolete requirements on middlebox compatibility mode: generated

MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is no longer required, except in test
cases that are specifically about it. This commit removes the requirement in
tls13-compat.sh (which does not have test cases that actually depend on the
feature).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-13 15:18:07 +02:00
parent edc8f35ed3
commit ae5a35fc30
2 changed files with 1 additions and 910 deletions

File diff suppressed because it is too large Load Diff

View File

@ -66,7 +66,7 @@ class TLSProgram:
# pylint: disable=too-many-arguments
def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
cert_sig_alg=None, compat_mode=True):
cert_sig_alg=None):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
@ -79,7 +79,6 @@ class TLSProgram:
self.add_signature_algorithms(signature_algorithm)
if cert_sig_alg:
self.add_cert_signature_algorithms(cert_sig_alg)
self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class
def add_ciphersuites(self, *ciphersuites):
@ -157,8 +156,6 @@ class OpenSSLBase(TLSProgram):
ret += ["-groups {named_groups}".format(named_groups=named_groups)]
ret += ['-msg -tls1_3']
if not self._compat_mode:
ret += ['-no_middlebox']
return ret
@ -288,9 +285,6 @@ class GnuTLSBase(TLSProgram):
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS'
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
ret += ['--priority={priority_string}'.format(
priority_string=priority_string)]
return ret
@ -370,9 +364,6 @@ class MbedTLSBase(TLSProgram):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')