diff options
| author | Angus Gratton <angus@redyak.com.au> | 2025-06-05 15:32:38 +1000 |
|---|---|---|
| committer | Damien George <damien@micropython.org> | 2025-07-23 15:47:16 +1000 |
| commit | 9b7d85227e67a7edd608aab4ff7eb4a838651f75 (patch) | |
| tree | 4a4681d5567f3782771c7c68367890b66fc56059 /py | |
| parent | 41e0ec96cb10580c8d77156ed51c2e34bc2fc0ac (diff) | |
extmod/mbedtls: Implement recommended DTLS features, make optional.
- DTLS spec recommends HelloVerify and Anti Replay protection be enabled,
and these are enabled in the default mbedTLS config. Implement them here.
- To help compensate for the possible increase in code size, add a
MICROPY_PY_SSL_DTLS build config macro that's enabled for EXTRA and
above by default.
This allows bare metal mbedTLS ports to use DTLS with HelloVerify support.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>
Diffstat (limited to 'py')
| -rw-r--r-- | py/mpconfig.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/py/mpconfig.h b/py/mpconfig.h index 4c1276275..a1025fe5e 100644 --- a/py/mpconfig.h +++ b/py/mpconfig.h @@ -1941,6 +1941,11 @@ typedef time_t mp_timestamp_t; #define MICROPY_PY_SSL_MBEDTLS_NEED_ACTIVE_CONTEXT (MICROPY_PY_SSL_ECDSA_SIGN_ALT) #endif +// Whether to support DTLS protocol (non-CPython feature) +#ifndef MICROPY_PY_SSL_DTLS +#define MICROPY_PY_SSL_DTLS (MICROPY_SSL_MBEDTLS && MICROPY_CONFIG_ROM_LEVEL_AT_LEAST_EXTRA_FEATURES) +#endif + // Whether to provide the "vfs" module #ifndef MICROPY_PY_VFS #define MICROPY_PY_VFS (MICROPY_CONFIG_ROM_LEVEL_AT_LEAST_CORE_FEATURES && MICROPY_VFS) |