commit c2cfdaa693773ab8ad441173dcb269222b0dd9cd
author Hanno Becker <hanno.becker@arm.com> Thu Jun 13 12:33:03 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Tue Jul 02 16:42:45 2019 +0100
tree 60600f334a8317141878cf58e4db7cd54a05a623
parent 2d9623f7d5da1069b61d0993fad34e517f26fe56

Allow config'n of incl of CertificateReq CA list Y/N at compile-time

Introduces MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST which allows to configure
at compile-time whether a CA list should be included in the
CertificateRequest message sent by the server.

Impact on code-size:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before  | 23131 | 23805 | 26673 |
| `libmbedtls.a` after | 23099 | 23781 | 26639 |
| gain in Bytes | 32 | 24 | 34 |

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b6b7750..f8d2ec4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2947,7 +2947,8 @@
 
     total_dn_size = 0;
 
-    if( ssl->conf->cert_req_ca_list ==  MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
+    if( mbedtls_ssl_conf_get_cert_req_ca_list( ssl->conf )
+        == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
     {
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
         if( ssl->handshake->sni_ca_chain != NULL )