Add compile-time option to enable X.509 CA callbacks

commit: 288dedcc7221901d61ed355026839b3cfa82c543 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed Mar 27 11:00:53 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Thu Mar 28 15:39:50 2019 +0000
tree: 55d45d6dda49d6cc8e9e717046e2c72e6a9e0782
parent: 3f8d78411a26e833db18d9fbde0e2f0baeda87f0 [diff] [blame]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3a2fed5..ed8bafa 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -1745,6 +1745,25 @@
 //#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 
 /**
+ * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+ *
+ * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_cb()`
+ * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
+ * the set of trusted certificates through a callback instead of a linked
+ * list.
+ *
+ * This is useful for example in environments where a large number of trusted
+ * certificates is present and storing them in a linked list isn't efficient
+ * enough, or when the set of trusted certificates changes frequently.
+ *
+ * See the documentation of `mbedtls_x509_crt_verify_with_cb()` and
+ * `mbedtls_ssl_conf_ca_cb()` for more information.
+ *
+ * Uncomment to enable trusted certificate callbacks.
+ */
+//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+
+/**
  * \def MBEDTLS_X509_CHECK_KEY_USAGE
  *
  * Enable verification of the keyUsage extension (CA and leaf certificates).
commit	288dedcc7221901d61ed355026839b3cfa82c543	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed Mar 27 11:00:53 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Thu Mar 28 15:39:50 2019 +0000
tree	55d45d6dda49d6cc8e9e717046e2c72e6a9e0782
parent	3f8d78411a26e833db18d9fbde0e2f0baeda87f0 [diff] [blame]