Manuel Pégourié-Gonnard
Manuel Pégourié-Gonnard
I'll also note that using a callback to force-accept a certificate is not equivalent to `MBEDTLS_SSL_VERIFY_NONE`: with `VERIFY_NONE` we don't even parse the presented certificate, so the connection will proceed...
Pushing an update that: - rebases over current 3.6 - fixes code style - fixes one of the build issues found by the CI - let's see if other failures...
CI came back green except for code style issues. I'm pushing an update fixing them (hopefully for real this time). Once CI fully green I'll go over existing feedback on...
I've pushed a commit addressing Tom's comments, and double-check that remaining comments on #9281 had already been addressed by Janos's commits. @yanesca I think this is now ready for your...
@bensze01 That's a near-approval from me, so I think you can start working on the backports. @tom-cosgrove-arm Will you be able to review the backports or should I look for...
@bensze01 Looks like #9657 is going to be merged first (just added it the merge queue), so this will need a rebase or a merge in order to resolve the...
Note: the failures of the armcc components on OpenCI are unrelated to this PR (issues with the license server).
Note: removing CBC ciphersuites means we can also remove support of the Encrypt-then-Mac extension. Make sure to also remove the option in test programs, and to fully remove related tests....
Note: we have tests in `ssl-opt.sh` that use static ECDH key exchange to test other things, for example, handling of the keyUsage extension in certificates. To my knowledge, static ECDH...
I don't think there was a strong agreement on the list. The option most likely to eventually get a consensus would be to turn it into a part of a...