All ports using this common configuration already enable time/date
validation, so this commit is a no-op change.
Signed-off-by: Damien George <damien@micropython.org>

This is necessary to access sites that only support these protocols.
The rp2 port already has ECDH enabled, so this just adds ECDSA there. The
other ports now gain both ECDH and ECDSA. The code size increase is:
- rp2 (PICO_W): +2916 bytes flash, +24 bytes BSS
- stm32 (PYBD_SF6): +20480 bytes flash, +32 bytes data, +48 bytes BSS
- mimxrt (TEENSY41): +20708 bytes flash, +32 bytes data, +48 bytes BSS
- unix (standard x86-64): +39344 executable, +1744 bytes data, +96 BSS
This is obviously a large increase in code size. But there doesn't seem to
be any other option because, without elliptic curve cryptography, devices
are partially cut off from the internet. For use cases that require small
firmware size, they'll need to build custom firmware with a custom mbedtls
config.
Signed-off-by: Damien George <damien@micropython.org>
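
Added example (not part of the commits or of MicroPython/mbedtls code): a check of which TLS 1.2 cipher suites a client build can negotiate, showing why a build without ECDH/ECDSA cannot reach a server that offers only elliptic-curve suites. The server suite lists, the feature labels "ECDH"/"ECDSA" and all function names are constructed for this illustration.

```python
# Added illustration. Suite lists and feature labels are constructed samples.
# Simplification: only the suite name is checked, not the certificate chain.
import re

# TLS 1.2 IANA names look like TLS_<kex>[_<auth>]_WITH_<cipher>_<mac>.
_SUITE_RE = re.compile(r"^TLS_([A-Za-z0-9_]+?)_WITH_[A-Za-z0-9_]+$")


def parse_suite(name):
    """Return (key_exchange, authentication) for a TLS 1.2 suite name."""
    m = _SUITE_RE.match(name)
    if m is None:
        raise ValueError("not a TLS 1.2 IANA suite name: %r" % name)
    parts = m.group(1).split("_")
    # TLS_RSA_WITH_...: RSA is both the key transport and the authentication.
    return parts[0], parts[-1]


def required_features(name):
    """Elliptic-curve features a client build needs to negotiate this suite."""
    kex, auth = parse_suite(name)
    needed = set()
    if kex in ("ECDHE", "ECDH"):
        needed.add("ECDH")
    if auth == "ECDSA":
        needed.add("ECDSA")
    return needed


def negotiable(server_suites, client_features):
    """Server suites, in server order, that the client build can use."""
    have = set(client_features)
    return [s for s in server_suites if required_features(s) <= have]


# Constructed server profiles.
EC_ONLY_SERVER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
LEGACY_SERVER = ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    builds = {"no EC": set(), "ECDH only": {"ECDH"}, "ECDH+ECDSA": {"ECDH", "ECDSA"}}
    for label, features in builds.items():
        for server, suites in (("EC-only", EC_ONLY_SERVER), ("legacy", LEGACY_SERVER)):
            usable = negotiable(suites, features)
            print("%-11s %-8s -> %s" % (label, server, usable or "no common suite"))
```
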
These files that are reformatted only now fall under the list of files to
apply uncrustify/black formatting to.
Signed-off-by: Damien George <damien@micropython.org>

This adds MBEDTLS_MD_SHA1 to the list of default hashes for TLS 1.2
handshake signatures. Although SHA-1 is weak, this option is turned on in
the default mbedtls configuration file, and allows better compatibility
with older servers. In particular it allows an stm32-mbedtls-based client
to connect to an axtls-based client (e.g. default unix port and esp8266).
Signed-off-by: Damien George <damien@micropython.org>

To use it a board should define MICROPY_PY_USSL=1 and MICROPY_SSL_MBEDTLS=1
at the Makefile level. With the provided configuration it adds about 64k
to the build.