TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10298 from bjwtaylor/remove-deprecated-items

Browse Source 
Remove deprecated items
This commit is contained in:
Manuel Pégourié-Gonnard
2025-08-11 07:13:08 +00:00
committed by GitHub
parent 627d653863 5a27010fab
commit 5b74c79f00
11 changed files with 16 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog.d/remove-deprecated-items.txt Normal file
View File

@@ -0,0 +1,11 @@
Removals
* Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the
standard version (defined in RFC 9146) of DTLS connection ID is supported.
* Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and
the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and
MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and
mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead.
Note that the new names of the new constants use the TLS protocol versions,
unlike the old constants whose names are based on internal encodings.
* Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs()
instead.

1
include/mbedtls/config_adjust_ssl.h
View File

@@ -51,7 +51,6 @@
#if !defined(MBEDTLS_SSL_PROTO_DTLS)
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE

22
include/mbedtls/mbedtls_config.h
View File

@@ -533,28 +533,6 @@
*/
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
/**
* \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
*
* Defines whether RFC 9146 (default) or the legacy version
* (version draft-ietf-tls-dtls-connection-id-05,
* https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
* is used.
*
* Set the value to 0 for the standard version, and
* 1 for the legacy draft version.
*
* \deprecated Support for the legacy version of the DTLS
* Connection ID feature is deprecated. Please
* switch to the standardized version defined
* in RFC 9146 enabled by utilizing
* MBEDTLS_SSL_DTLS_CONNECTION_ID without use
* of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
*
* Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
*/
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
/**
* \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
*

124
include/mbedtls/ssl.h
View File

@@ -280,15 +280,6 @@
* Various constants
*/
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/* These are the high and low bytes of ProtocolVersion as defined by:
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
*/
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
@@ -466,14 +457,6 @@
/** \} name SECTION: Module settings */
/*
* Default to standard CID mode
*/
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
#endif
/*
* Length of the verify data for secure renegotiation
*/
@@ -645,11 +628,7 @@
#define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
#define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
#define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */
#else
#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */
#endif
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
@@ -887,7 +866,6 @@ typedef struct mbedtls_ssl_config mbedtls_ssl_config;
/* Defined in library/ssl_misc.h */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
@@ -1502,10 +1480,6 @@ struct mbedtls_ssl_config {
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -3387,7 +3361,7 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
*
* \note The restrictions are enforced for all certificates in the
* chain. However, signatures in the handshake are not covered
* by this setting but by \b mbedtls_ssl_conf_sig_hashes().
* by this setting but by \b mbedtls_ssl_conf_sig_algs().
*
* \param conf SSL configuration
* \param profile Profile to use
@@ -3729,41 +3703,6 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
const uint16_t *groups);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/**
* \brief Set the allowed hashes for signatures during the handshake.
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
* authentication and the TLS PRF are controlled by the
* ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
* used for certificate signature are controlled by the
* verification profile, see \c mbedtls_ssl_conf_cert_profile().
*
* \deprecated Superseded by mbedtls_ssl_conf_sig_algs().
*
* \note This list should be ordered by decreasing preference
* (preferred hash first).
*
* \note By default, all supported hashes whose length is at least
* 256 bits are allowed. This is the same set as the default
* for certificate verification
* (#mbedtls_x509_crt_profile_default).
* The preference order is currently unspecified and may
* change in future versions.
*
* \note New minor versions of Mbed TLS may extend this list,
* for example if new curves are added to the library.
* New minor versions of Mbed TLS will not remove items
* from this list unless serious security concerns require it.
*
* \param conf SSL configuration
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
*/
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
const int *hashes);
#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
/**
* \brief Configure allowed signature algorithms for use in TLS
@@ -4110,28 +4049,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl
mbedtls_dtls_srtp_info *dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side.
*
* See also the documentation of mbedtls_ssl_conf_min_version().
*
* \note This ignores ciphersuites from higher versions.
*
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_max_tls_version().
*
* \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major,
int minor);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side.
@@ -4150,45 +4067,6 @@ static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf,
conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version;
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the minimum accepted SSL/TLS protocol version
*
* \note By default, all supported versions are accepted.
* Future versions of the library may disable older
* protocol versions by default if they become deprecated.
*
* \note The following versions are supported (if enabled at
* compile time):
* - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
* \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
* - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
* \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
*
* Note that the numbers in the constant names are the
* TLS internal protocol numbers, and the minor versions
* differ by one from the human-readable versions!
*
* \note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored.
*
* \note After the handshake, you can call
* mbedtls_ssl_get_version_number() to see what version was
* negotiated.
*
* \note This function is deprecated and has been replaced by
* \c mbedtls_ssl_conf_min_tls_version().
*
* \param conf SSL configuration
* \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
* \param minor Minor version number
* (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
* #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
*/
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major,
int minor);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Set the minimum supported version sent from the client side
* and/or accepted at the server side.

13
library/mbedtls_check_config.h
View File

@@ -237,19 +237,6 @@
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
!defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
#if defined(MBEDTLS_DEPRECATED_REMOVED)
#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
#elif defined(MBEDTLS_DEPRECATED_WARNING)
#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
#endif
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"

15
library/ssl_misc.h
View File

@@ -712,11 +712,6 @@ struct mbedtls_ssl_handshake_params {
unsigned char retransmit_state; /*!< Retransmission state */
#endif
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
unsigned char group_list_heap_allocated;
unsigned char sig_algs_heap_allocated;
#endif
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */
enum { /* this complements ssl->state with info on intra-state operations */
@@ -2305,15 +2300,6 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
/*
* Return supported signature algorithms.
*
* In future, invocations can be changed to ssl->conf->sig_algs when
* mbedtls_ssl_conf_sig_hashes() is deleted.
*
* ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
* signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been
* used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
* been more recently invoked.
*
*/
static inline const void *mbedtls_ssl_get_sig_algs(
const mbedtls_ssl_context *ssl)
@@ -2322,7 +2308,6 @@ static inline const void *mbedtls_ssl_get_sig_algs(
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if (ssl->handshake != NULL &&
ssl->handshake->sig_algs_heap_allocated == 1 &&
ssl->handshake->sig_algs != NULL) {
return ssl->handshake->sig_algs;
}

25
library/ssl_msg.c
View File

@@ -663,8 +663,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
unsigned char *cur = add_data;
size_t ad_len_field = rec->data_len;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
#endif
@@ -680,8 +679,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
((void) tls_version);
((void) taglen);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (rec->cid_len != 0) {
// seq_num_placeholder
memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder));
@@ -711,24 +709,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
memcpy(cur, rec->ver, sizeof(rec->ver));
cur += sizeof(rec->ver);
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1
if (rec->cid_len != 0) {
// CID
memcpy(cur, rec->cid, rec->cid_len);
cur += rec->cid_len;
// cid_length
*cur = rec->cid_len;
cur++;
// length of inner plaintext
MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
cur += 2;
} else
#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if (rec->cid_len != 0) {
// epoch + sequence number

104
library/ssl_tls.c
View File

@@ -1066,73 +1066,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
mbedtls_ssl_set_timer(ssl, 0);
}
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Heap allocate and translate sig_hashes from internal hash identifiers to
signature algorithms IANA identifiers. */
if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) &&
ssl->conf->sig_hashes != NULL) {
const int *md;
const int *sig_hashes = ssl->conf->sig_hashes;
size_t sig_algs_len = 0;
uint16_t *p;
MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
<= (SIZE_MAX - (2 * sizeof(uint16_t))),
"MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big");
for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
continue;
}
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
sig_algs_len += sizeof(uint16_t);
#endif
#if defined(MBEDTLS_RSA_C)
sig_algs_len += sizeof(uint16_t);
#endif
if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) {
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
}
if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) {
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len +
sizeof(uint16_t));
if (ssl->handshake->sig_algs == NULL) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
p = (uint16_t *) ssl->handshake->sig_algs;
for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md);
if (hash == MBEDTLS_SSL_HASH_NONE) {
continue;
}
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
*p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
p++;
#endif
#if defined(MBEDTLS_RSA_C)
*p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA);
p++;
#endif
}
*p = MBEDTLS_TLS_SIG_NONE;
ssl->handshake->sig_algs_heap_allocated = 1;
} else
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
{
ssl->handshake->sig_algs_heap_allocated = 0;
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
return 0;
}
@@ -2420,24 +2353,11 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type
}
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Set allowed/preferred hashes for handshake signatures
*/
void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
const int *hashes)
{
conf->sig_hashes = hashes;
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */
/* Configure allowed signature algorithms for handshake */
void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
const uint16_t *sig_algs)
{
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
conf->sig_hashes = NULL;
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
conf->sig_algs = sig_algs;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -2633,18 +2553,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor)
{
conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor);
}
void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor)
{
conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor);
}
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
char cert_req_ca_list)
@@ -4460,20 +4368,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
return;
}
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if (ssl->handshake->group_list_heap_allocated) {
mbedtls_free((void *) handshake->group_list);
}
handshake->group_list = NULL;
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
if (ssl->handshake->sig_algs_heap_allocated) {
mbedtls_free((void *) handshake->sig_algs);
}
handshake->sig_algs = NULL;
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)

2
programs/fuzz/fuzz_client.c
View File

@@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
}
#endif
//There may be other options to add :
// mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
// mbedtls_ssl_conf_cert_profile
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;

1
tests/configs/tls13-only.h
View File

@@ -25,4 +25,3 @@
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

17
tests/scripts/components-configuration-tls.sh
View File

@@ -342,23 +342,6 @@ component_test_variable_ssl_in_out_buffer_len () {
tests/compat.sh
}
component_test_dtls_cid_legacy () {
msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)"
scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)"
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled"
tests/compat.sh
}
component_test_ssl_alloc_buffer_and_mfl () {
msg "build: default config with memory buffer allocator and MFL extension"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C