Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless there's a reason not to (experimental, deprecated, security risk). We need a compile-time option because, even though the functions themselves can be easily garbage-collected by the linker, implementing them will require saving 64 bytes of Client/ServerHello.random values after the handshake, which would otherwise not be needed, and people who don't need this feature shouldn't have to pay the price of increased RAM usage.
parent
be34e8e9c0
commit
afa8f71700
@ -1403,6 +1403,33 @@
|
|||||||
*/
|
*/
|
||||||
//#define MBEDTLS_SSL_ASYNC_PRIVATE
|
//#define MBEDTLS_SSL_ASYNC_PRIVATE
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
*
|
||||||
|
* Enable the APIs for serialization of a full SSL context:
|
||||||
|
* mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
|
||||||
|
*
|
||||||
|
* This pair of functions allows one side of a connection to serialize the
|
||||||
|
* context associated with the connection, then free or re-use that context
|
||||||
|
* while the serialized state is persisted elsewhere, and finally deserialize
|
||||||
|
* that state to a live context for resuming read/write operations on the
|
||||||
|
* connection, in a way that's transparent to the peer, since from a protocol
|
||||||
|
* point of view, the state of the connection is unaffected.
|
||||||
|
*
|
||||||
|
* Note: this is distinct from TLS session resumption, which is part of the
|
||||||
|
* protocol and fully visible by the peer. TLS session resumption enables
|
||||||
|
* establishing new connections associated to a saved session with shorter,
|
||||||
|
* lighter handshakes, while context serialization is a local optimisation in
|
||||||
|
* handling a single, potentially long-lived connection.
|
||||||
|
*
|
||||||
|
* Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
|
||||||
|
* saved after the handshake to allow for more efficient serialization, so if
|
||||||
|
* you don't need this feature you'll save RAM by disabling it.
|
||||||
|
*
|
||||||
|
* Comment to disable the context serialization APIs.
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_DEBUG_ALL
|
* \def MBEDTLS_SSL_DEBUG_ALL
|
||||||
*
|
*
|
||||||
|
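Review bot: The new `\def MBEDTLS_SSL_CONTEXT_SERIALIZATION` documentation block in this hunk explains what the save/load APIs do and their RAM cost, but says nothing about what the serialized state contains or how the application must protect it. Since the blob must presumably carry whatever keying material and record state is needed to resume read/write on the connection, persisting it "elsewhere" makes the application responsible for its confidentiality and integrity, and the original context should not be driven further once it has been saved (the text already says it is freed or re-used, but does not state this as a requirement). I'd add a note after the "transparent to the peer" paragraph, e.g. ` * Note: the serialized state contains the connection's secrets. The application` / ` * must store it with the same confidentiality and integrity guarantees as the` / ` * live context, and must not use the original context for I/O after saving it.` The exact contents of the serialized buffer are not visible here, so the wording may need adjusting to match what mbedtls_ssl_context_save() actually emits.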
@ -459,6 +459,9 @@ static const char * const features[] = {
|
|||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
"MBEDTLS_SSL_ASYNC_PRIVATE",
|
"MBEDTLS_SSL_ASYNC_PRIVATE",
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
|
"MBEDTLS_SSL_CONTEXT_SERIALIZATION",
|
||||||
|
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
"MBEDTLS_SSL_DEBUG_ALL",
|
"MBEDTLS_SSL_DEBUG_ALL",
|
||||||
#endif /* MBEDTLS_SSL_DEBUG_ALL */
|
#endif /* MBEDTLS_SSL_DEBUG_ALL */
|
||||||
|
@ -1266,6 +1266,14 @@ int query_config( const char *config )
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
|
if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONTEXT_SERIALIZATION );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 )
|
if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 )
|
||||||
{
|
{
|
||||||
|