mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

Published 20 hours ago verified publisher icon Mbed-TLS

Revise the granularity of X.509 options

Open gilles-peskine-arm opened this issue 11 months ago • 0 comments

Revise MBEDTLS_X509_xxx options, try to eliminate some.

  • Do we really need MBEDTLS_X509_USE_C and MBEDTLS_X509_CREATE_C? CREATE without USE doesn't seem very useful. But needing USE without CREATE is common, so keep MBEDTLS_X509_CREATE?
  • MBEDTLS_X509_RSASSA_PSS_SUPPORT? It guards quite a bit of code so we should probably keep it for code size.
  • Split mbedx509_config.h from mbedtls_config.h? Doesn't seem worth the trouble.

See also https://github.com/Mbed-TLS/mbedtls/issues/8107, https://github.com/Mbed-TLS/mbedtls/issues/8973.

gilles-peskine-arm avatar Mar 21 '24 14:03 gilles-peskine-arm