Allow config'n of incl of CertificateReq CA list Y/N at compile-time
Introduces MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST, which allows configuring
at compile time whether a CA list is included in the
CertificateRequest message sent by the server.
Impact on code-size:
| | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23131 | 23805 | 26673 |
| `libmbedtls.a` after | 23099 | 23781 | 26639 |
| gain in Bytes | 32 | 24 | 34 |
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 29b778c..bcdafb6 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2610,6 +2610,14 @@
}
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
+#if defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
+ if( strcmp( "MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
+
#if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 )
{
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 707660f..5fbbddd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -422,6 +422,14 @@
#define USAGE_READ_TIMEOUT ""
#endif
+#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
+#define USAGE_CERT_REQ_CA_LIST \
+ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
+ " options: 1 (send ca list), 0 (don't send)\n"
+#else
+#define USAGE_CERT_REQ_CA_LIST ""
+#endif
+
#define USAGE \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
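Review bot: With MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST defined, USAGE_CERT_REQ_CA_LIST becomes empty so the help text no longer advertises `cert_req_ca_list=`, but nothing in this commit rejects the parameter if an operator still passes it; the hunk at @@ -2479 only guards the `mbedtls_ssl_conf_cert_req_ca_list()` call. If the option parser (outside these hunks) still accepts `cert_req_ca_list=`, a value given on the command line is parsed and then silently ignored, so the server runs with the compile-time policy while the operator believes they changed it. Consider wrapping the parser branch in the same `#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)` so an unsupported parameter falls through to the usage error, or at least documenting in the `#else` branch that the setting is fixed at build time, e.g. `#else /* cert_req_ca_list is fixed by MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST; not parsed */`. The USAGE macro that starts at the end of this hunk continues outside it.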
@@ -445,8 +453,7 @@
USAGE_BADMAC_LIMIT \
"\n" \
USAGE_AUTH_MODE \
- " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
- " options: 1 (send ca list), 0 (don't send)\n" \
+ USAGE_CERT_REQ_CA_LIST \
USAGE_IO \
USAGE_SSL_ASYNC \
USAGE_SNI \
@@ -2479,8 +2486,10 @@
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
+#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
+#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )