Enforce promise to not use whole ssl context
Configs with no DEBUG_C are used for example in test-ref-configs.pl, which also
runs parts of compat.sh or ssl-opt.sh on them, so the added 'ssl = NULL'
statements will be exercised in those tests at least.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 822d972..74cb756 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1027,6 +1027,7 @@
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
!defined(MBEDTLS_SSL_EXPORT_KEYS) && \
!defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
#endif
@@ -1625,6 +1626,7 @@
!defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!(defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ ssl = NULL; /* make sure we don't use it except for those cases */
(void) ssl;
#endif
@@ -2312,6 +2314,7 @@
/* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
((void) ssl);
#endif
@@ -2741,6 +2744,7 @@
size_t add_data_len;
#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
((void) ssl);
#endif