Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 7d3186d18ad9e1ad9755514ded08dd79670db7e3 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Aug 12 22:43:18 2022 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Mar 01 19:47:23 2023 +0100
tree: 4ac5a6b9dff8be227e6c258279302b5c351f93b5
parent: f4385faa6f740ca07aac48874242b7a0769b778f [diff] [blame]
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index ac374d2..2d2fae5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -936,6 +936,11 @@
 #error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
                                        !defined(MBEDTLS_USE_PSA_CRYPTO) )
 #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
commit	7d3186d18ad9e1ad9755514ded08dd79670db7e3	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Aug 12 22:43:18 2022 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Mar 01 19:47:23 2023 +0100
tree	4ac5a6b9dff8be227e6c258279302b5c351f93b5
parent	f4385faa6f740ca07aac48874242b7a0769b778f [diff] [blame]