mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 01:10:48 +02:00
c950a6aa46
Follow-up to #7731 ("Changes needed for default TLS support in zephyr kernel"). Zephyr 4.3's TLS socket integration uses three additional wolfSSL features that were not needed by the 3.7 integration, plus an extension to the native_sim time-source gates introduced in #7731. native_sim timer gates (src/internal.c, wolfcrypt/src/wc_port.c): Extend the !CONFIG_BOARD_NATIVE_POSIX gate in LowResTimer() and the CONFIG_BOARD_NATIVE_POSIX RTC path in z_time() to also cover CONFIG_BOARD_NATIVE_SIM. Zephyr 4.3 renamed the simulator board from native_posix to native_sim; without this, k_cpu_idle() on native_sim advances simulated time during DTLS retransmit loops and the RTC path falls through to uptime-since-boot. Behavior on native_posix is unchanged. New Kconfig options (zephyr/Kconfig, zephyr/user_settings.h): CONFIG_WOLFSSL_SESSION_EXPORT -> HAVE_EXT_CACHE Required by consumers that serialize TLS session state across connections via wolfSSL_i2d_SSL_SESSION / wolfSSL_d2i_SSL_SESSION. CONFIG_WOLFSSL_KEEP_PEER_CERT -> KEEP_PEER_CERT Retain the peer certificate after handshake so the application layer can inspect it via wolfSSL_get_peer_certificate. CONFIG_WOLFSSL_ALWAYS_VERIFY_CB -> WOLFSSL_ALWAYS_VERIFY_CB Invoke an application-set verify callback on successful chain validation in addition to validation failures. All three are default-off; customers opt in the same way they do for the existing CONFIG_WOLFSSL_DTLS / ALPN / PSK feature options. .wolfssl_known_macro_extras: register HAVE_EXT_CACHE.