Add an "SSL" infix to MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/configs/baremetal.h b/configs/baremetal.h
index 3c59bb9..a0fb744 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -163,7 +163,7 @@
/* Further optimizations */
#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
#define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
#define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
#define MBEDTLS_SSL_EARLY_KEY_COMPUTATION
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2a2f19c..4c92954 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -910,8 +910,8 @@
#undef MBEDTLS_HASHES_ENABLED
#endif /* MBEDTLS_MD_SINGLE_HASH */
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#error "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d9b6922..22eba11 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -41,13 +41,13 @@
*/
/**
- * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+ * \def MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
*
* Enable the delayed verification of server
* certificates on the client side.
*
*/
-//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+//#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
/**
* \def MBEDTLS_HAVE_ASM
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 5d8f6fd..441109d 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1089,12 +1089,12 @@
mbedtls_md_type_t md );
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
void *rs_ctx );
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba6a806..cc6c86d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -4229,10 +4229,10 @@
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
void *rs_ctx = NULL;
int authmode;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -4339,7 +4339,7 @@
case MBEDTLS_SSL_CLIENT_FINISHED:
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
? ssl->handshake->sni_authmode
@@ -4354,7 +4354,7 @@
ssl->session_negotiate->peer_cert, rs_ctx );
if( ret != 0 )
break;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
ret = mbedtls_ssl_write_finished( ssl );
break;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75ec821..6415281 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8022,7 +8022,7 @@
}
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
/* mbedtls_ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify
* to call it in ssl_cli.c rather than purely internal to ssl_tls.c.
*/
@@ -8038,7 +8038,7 @@
rs_ctx ) );
}
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@@ -8181,13 +8181,13 @@
rs_ctx = &ssl->handshake->ecrs_ctx;
#endif
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
if (mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "delay server certificate verification" ) );
}
else
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
{
ret = ssl_parse_certificate_verify( ssl, authmode,
chain, rs_ctx );
diff --git a/library/version_features.c b/library/version_features.c
index 0ada3c6..c270c3a 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -33,9 +33,9 @@
static const char *features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
- "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION",
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+ "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION",
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
#if defined(MBEDTLS_HAVE_ASM)
"MBEDTLS_HAVE_ASM",
#endif /* MBEDTLS_HAVE_ASM */
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 1f8ae21..4798f7c 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -130,13 +130,13 @@
int query_config( const char *config )
{
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
- if( strcmp( "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+ if( strcmp( "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
{
- MACRO_EXPANSION_TO_STR( MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION );
return( 0 );
}
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
#if defined(MBEDTLS_HAVE_ASM)
if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )
diff --git a/scripts/config.pl b/scripts/config.pl
index d2af5a4..6d6a470 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -62,7 +62,7 @@
# MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
# MBEDTLS_AES_128_BIT_MASKED
# MBEDTLS_PLATFORM_FAULT_CALLBACKS
-# MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+# MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
# MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
# MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
# MBEDTLS_SSL_EARLY_KEY_COMPUTATION
@@ -154,7 +154,7 @@
MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
MBEDTLS_AES_128_BIT_MASKED
MBEDTLS_PLATFORM_FAULT_CALLBACKS
-MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
MBEDTLS_SSL_EARLY_KEY_COMPUTATION