Make mbedtls_ssl_check_cert_usage() work for 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 4938b693f31ec275a39e249ba67650d78f9546ef [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Aug 09 11:49:12 2024 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Aug 20 22:03:10 2024 +0200
tree: c58125ad501c547fc0661a4cec78d5959e3838fe
parent: 96a0c5c48e1692fb1ca4f2c6d93731c9d6aee070 [diff] [blame]
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 40d7187..ecb2d03 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -1678,6 +1678,8 @@
  * keyUsage and extendedKeyUsage.
  * (Note: nSCertType is deprecated and not standard, we don't check it.)
  *
+ * Note: if tls_version is 1.3, ciphersuite is ignored and can be NULL.
+ *
  * Note: recv_endpoint is the receiver's endpoint.
  *
  * Return 0 if everything is OK, -1 if not.
@@ -1686,6 +1688,7 @@
 int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
                                  const mbedtls_ssl_ciphersuite_t *ciphersuite,
                                  int recv_endpoint,
+                                 mbedtls_ssl_protocol_version tls_version,
                                  uint32_t *flags);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
commit	4938b693f31ec275a39e249ba67650d78f9546ef	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Aug 09 11:49:12 2024 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Aug 20 22:03:10 2024 +0200
tree	c58125ad501c547fc0661a4cec78d5959e3838fe
parent	96a0c5c48e1692fb1ca4f2c6d93731c9d6aee070 [diff] [blame]