modules: mbedtls: Extend generic config with SSL cache

Add Kconfig configuration options which allow to configure session caching in mbed TLS. Note, that mbed TLS only takes care of server-side caching, the application (socket layer) needs to implement a session storage for client. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-03-09 12:43:59 +01:00 · 2022-03-09 12:43:59 +01:00 · bbba7c951d
parent 523e5a6bd5
commit bbba7c951d
2 changed files with 21 additions and 0 deletions
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@ -396,4 +396,19 @@ config MBEDTLS_PKCS5_C
 	help
 	  Enable PKCS5 functions

+config MBEDTLS_SSL_CACHE_C
+	bool "SSL session cache support"
+	help
+	  "This option enables simple SSL cache implementation (server side)."
+
+config MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+	int "Default timeout for SSL cache entires"
+	depends on MBEDTLS_SSL_CACHE_C
+	default 86400
+
+config MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+	int "Maximum number of SSL cache entires"
+	depends on MBEDTLS_SSL_CACHE_C
+	default 5
+
 endmenu
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@ -434,6 +434,12 @@
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
 #endif

+#if defined(CONFIG_MBEDTLS_SSL_CACHE_C)
+#define MBEDTLS_SSL_CACHE_C
+#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES CONFIG_MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+#endif
+
 /* User config file */

 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)