mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 07:20:52 +00:00
requires_certificate_authentication: prioritize TLS 1.3
When checking whether the build supports certificate authentication, check the key exchange modes enabled in the default protocol version. This is TLS 1.3 when it's enabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
d57212ee9e
commit
cfbaffdfcc
@ -326,12 +326,13 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
|
||||
|
||||
requires_certificate_authentication () {
|
||||
if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
then
|
||||
# TLS 1.3 is negotiated by default, so check whether it supports
|
||||
# certificate-based authentication.
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
else # Only TLS 1.2 is enabled.
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
elif ! is_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user