Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

commit: fe4ef0c1ae20dde1eb5a63b3083576b2e16579cc [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue Feb 26 11:43:09 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Tue Feb 26 14:38:09 2019 +0000
tree: eac9c606809a75ed202157a93494c3241b548fed
parent: a1051b4e9ae55827be7792272dfe59f28f07307a [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6e23379..b793ac0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -787,7 +787,8 @@
 typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) &&        \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN  48
 #if defined(MBEDTLS_SHA256_C)
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
@@ -799,9 +800,11 @@
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  20
 #else
+/* This is already checked in check_config.h, but be sure. */
 #error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
 #endif
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
+          !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
 /*
  * This structure is used for storing current session data.
commit	fe4ef0c1ae20dde1eb5a63b3083576b2e16579cc	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue Feb 26 11:43:09 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Tue Feb 26 14:38:09 2019 +0000
tree	eac9c606809a75ed202157a93494c3241b548fed
parent	a1051b4e9ae55827be7792272dfe59f28f07307a [diff] [blame]