mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-04-15 08:28:50 +02:00
56595f4f7b
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_HASH which can be used to register a single supported signature hash algorithm at compile time. It replaces the runtime configuration API mbedtls_ssl_conf_sig_hashes() which allows to register a _list_ of supported signature hash algorithms. In contrast to other options used to hardcode configuration options, MBEDTLS_SSL_CONF_SINGLE_HASH isn't a numeric option, but instead it's only relevant if it's defined or not. To actually set the single supported hash algorithm that should be supported, numeric options MBEDTLS_SSL_CONF_SINGLE_HASH_TLS_ID MBEDTLS_SSL_CONF_SINGLE_HASH_MD_ID must both be defined and provide the TLS ID and the Mbed TLS internal ID and the chosen hash algorithm, respectively.
This directory contains example configuration files.
The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.
These files are complete replacements for the default config.h. To use one of
them, you can pick one of the following methods:
1. Replace the default file include/mbedtls/config.h with the chosen one.
(Depending on your compiler, you may need to adjust the line with
#include "mbedtls/check_config.h" then.)
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
For example, using make:
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make
Or, using cmake:
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
make
Note that the second method also works if you want to keep your custom
configuration file outside the mbed TLS tree.