Allow compile-time configuration of legacy renegotiation
Introduces MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION,
which allows enforcement of secure renegotiation to be
configured at compile-time.
Impact on code-size:
| | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` after | 23379 | 23929 | 27727 |
| `libmbedtls.a` before | 23307 | 23865 | 27615 |
| gain in Bytes | 72 | 64 | 112 |
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 4c3fc15..c5ff97e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -543,6 +543,20 @@
fi
}
+check_cmdline_legacy_renego_compat() {
+ __VAL="$( get_config_value_or_default "MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION" )"
+ if [ ! -z "$__VAL" ]; then
+ extract_cmdline_argument "allow_legacy"
+ if [ "$__ARG" = "-1" ] && [ "$__VAL" != "2" ]; then
+ SKIP_NEXT="YES";
+ elif [ "$__ARG" = "0" ] && [ "$__VAL" != "0" ]; then
+ SKIP_NEXT="YES"
+ elif [ "$__ARG" = "1" ] && [ "$__VAL" != "1" ]; then
+ SKIP_NEXT="YES"
+ fi
+ fi
+}
+
# Go through all options that can be hardcoded at compile-time and
# detect whether the command line configures them in a conflicting
# way. If so, skip the test. Otherwise, remove the corresponding
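Review bot: The comparison values `2`, `0` and `1` in check_cmdline_legacy_renego_compat are undocumented magic numbers, and the pairing of `allow_legacy=-1` with `2` is not obvious. A comment above the `if` chain would make the mapping auditable, for example `# allow_legacy -1/0/1 <-> MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE (2) / NO_RENEGOTIATION (0) / ALLOW_RENEGOTIATION (1)`. It is also worth confirming what `__ARG` holds when a test's command line has no `allow_legacy` option, because no branch matches then. Such a test would presumably run against the hardcoded policy even where its expectations assume the run-time default, though that depends on extract_cmdline_argument, which is outside the hunk. Minor: `[ ! -z "$__VAL" ]` reads better as `[ -n "$__VAL" ]`, and the trailing `;` after the first `SKIP_NEXT="YES"` is inconsistent with the other two branches.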
@@ -569,6 +583,9 @@
# Authentication mode
check_cmdline_authmode_compat
+
+ # Legacy renegotiation
+ check_cmdline_legacy_renego_compat
}
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]