fix(mbedtls): remove deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION

This config has been removed in the upstream mbedTLS starting 3.0
release. Please see mbedTLS changelog for more details.
This commit is contained in:
Mahavir Jain 2023-10-09 11:14:10 +05:30
parent 088c546964
commit 3e90ed6428
2 changed files with 0 additions and 31 deletions

View File

@ -1029,16 +1029,4 @@ menu "mbedTLS"
then the ESP will be unable to process keys greater
than SOC_RSA_MAX_BIT_LEN.
menuconfig MBEDTLS_SECURITY_RISKS
bool "Show configurations with potential security risks"
default n
config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
bool "X.509 CRT parsing with unsupported critical extensions"
depends on MBEDTLS_SECURITY_RISKS
default n
help
Allow the X.509 certificate parser to load certificates
with unsupported critical extensions
endmenu # mbedTLS

View File

@ -2737,25 +2737,6 @@
*/
#define MBEDTLS_X509_CRT_WRITE_C
/**
* \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* Alow the X509 parser to not break-off when parsing an X509 certificate
* and encountering an unknown critical extension.
*
* Module: library/x509_crt.c
*
* Requires: MBEDTLS_X509_CRT_PARSE_C
*
* This module is supports loading of certificates with extensions that
* may not be supported by mbedtls.
*/
#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#else
#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
#endif
/**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
*