Allow compile-time configuration of authentication mode
Introduces MBEDTLS_SSL_CONF_AUTHMODE, which hard-codes the authentication
mode (none, optional, mandatory) at compile time.
Impact on code-size:
| | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23487 | 24025 | 27885 |
| `libmbedtls.a` after | 23379 | 23929 | 27727 |
| gain in Bytes | 108 | 96 | 157 |
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3fcc120..89bd4f4 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -400,6 +400,14 @@
#define USAGE_SERIALIZATION ""
#endif
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
+#define USAGE_AUTH_MODE \
+ " auth_mode=%%s default: (library default: none)\n" \
+ " options: none, optional, required\n"
+#else
+#define USAGE_AUTH_MODE ""
+#endif
+
#define USAGE \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -422,8 +430,7 @@
USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \
"\n" \
- " auth_mode=%%s default: (library default: none)\n" \
- " options: none, optional, required\n" \
+ USAGE_AUTH_MODE \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
" options: 1 (send ca list), 0 (don't send)\n" \
USAGE_IO \
@@ -619,6 +626,7 @@
return( ret );
}
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
/*
* Return authmode from string, or -1 on error
*/
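Review bot: Compiling out get_auth_mode() here (the matching `#endif` is in the next hunk) is only safe if the `auth_mode` option parser is its sole caller. This diff guards that one caller, but it does not show whether the SNI list parsing mentioned in the following comment also reads a per-name auth mode through this function. If it does, a build with MBEDTLS_SSL_CONF_AUTHMODE and SNI enabled would fail to compile, and that path would need the same guard so a per-name setting cannot diverge from the fixed mode. The function body lies outside the hunk. I would also put a one-line comment above the guard, `/* get_auth_mode() is only needed when the authmode is runtime-configurable */`.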
@@ -633,6 +641,7 @@
return( -1 );
}
+#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
@@ -1787,11 +1796,13 @@
else
goto usage;
}
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
else if( strcmp( p, "auth_mode" ) == 0 )
{
if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
goto usage;
}
+#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
else if( strcmp( p, "cert_req_ca_list" ) == 0 )
{
opt.cert_req_ca_list = atoi( q );
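Review bot: With MBEDTLS_SSL_CONF_AUTHMODE defined, `auth_mode=...` stops being a recognised parameter, and the end of this else-if chain is outside the hunk, so it is worth confirming that the argument lands on `goto usage` rather than being skipped. A silently ignored `auth_mode=required` would leave a test run believing client certificates are enforced when the build fixed a weaker mode. Because USAGE_AUTH_MODE expands to `""` in that configuration (first hunk), the usage output would also give no reason for the rejection. Consider `#define USAGE_AUTH_MODE "    auth_mode: fixed at compile time\n"` in the `#else` branch instead.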
@@ -2445,8 +2456,10 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );