Adding delayed server cert verification config option

commit: f336c7ea7185e9e8624793edebd1adcaf4aea6db [log] [tgz]
author: Hannes Tschofenig <hannes.tschofenig@arm.com> Thu Dec 03 15:47:47 2020 +0100
committer: Hannes Tschofenig <hannes.tschofenig@arm.com> Thu Dec 03 15:47:47 2020 +0100
tree: e4c1c26bba3508cb32674cebfacb063d03c6d4fd
parent: c7f6d7f75cec386d0147909c7522ee57d587eae2 [diff] [blame]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ee25107..ebc2830 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -41,6 +41,15 @@
  */
 
 /**
+ * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+ *
+ * Enable the delayed verification of server 
+ * certificates on the client side. 
+ *
+ */
+#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+
+/**
  * \def MBEDTLS_HAVE_ASM
  *
  * The compiler has support for asm().
@@ -1593,6 +1602,20 @@
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 
 /**
+ * \def MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+ *
+ * This option controls determines whether the server certificate is discarded
+ * after a handshake when the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled.
+ *
+ * Use of this option is useful in combined with the delayed certificate verification
+ * when the server certificate has to be kept for the duration of the handshake
+ * but not afterwards.
+ *
+ */
+#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
+
+
+/**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
  *
  * Enable hooking functions in SSL module for hardware acceleration of
commit	f336c7ea7185e9e8624793edebd1adcaf4aea6db	[log] [tgz]
author	Hannes Tschofenig <hannes.tschofenig@arm.com>	Thu Dec 03 15:47:47 2020 +0100
committer	Hannes Tschofenig <hannes.tschofenig@arm.com>	Thu Dec 03 15:47:47 2020 +0100
tree	e4c1c26bba3508cb32674cebfacb063d03c6d4fd
parent	c7f6d7f75cec386d0147909c7522ee57d587eae2 [diff] [blame]