cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-29 00:18:06 -04:00
Code Issues Packages Projects Releases Wiki Activity

requires_certificate_authentication: prioritize TLS 1.3

Browse Source 
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-10 12:24:23 +02:00
parent d57212ee9e
commit cfbaffdfcc
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tests/ssl-opt.sh
View File

@ -326,12 +326,13 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
requires_certificate_authentication () { requires_certificate_authentication () {
if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
then then
# TLS 1.3 is negotiated by default, so check whether it supports
# certificate-based authentication.
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
else # Only TLS 1.2 is enabled.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
elif ! is_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
then
SKIP_NEXT="YES"
fi fi
} }