-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide a place for user-specific configuration and files #9869
Comments
Thanks for the suggestion. We had plans about splitting the configuration file in a somewhat similar way. Our goal was to get a better separation between "user config" and "list of all tunable options for reference", because the confusion between the two causes issues in some of our test scripts. But the end result would be similar: better separation between a "read-only" part and an "editable" part. This kind of change can only be done in a major version, because it's a breaking API change. Unfortunately, at this point it seems unlikely we'll have time to do it in the upcoming one (Mbed TLS 4.0 + TF-PSA-Crypto 1.0). |
A related proposal: #9664 (To clarify, this doesn't solve the same problem. It's related in that it's another proposal for reorganizing the configuration files, but that one is for maintainers' convenience and would not, in itself, change things for application developers.) |
Where is the break? Also, @gilles-peskine-arm suggested to backport to 3.6 branch in his issue; this hints that the changes are minor. Additionally, OpenSSL could be mentioned here - before building it, user had to run a script that created a file with the desired settings. This file does roughly the same as should do |
I'm not sure I understand. How does that differ from defining
I don't understand how that could work. What we distribute has to work for different kinds of users, including:
(These are not theoretical concerns: all of these scenarios have come up in the past.) Providing empty files as placeholders would break some of these scenarios. We'd have to provide a way to override the names of these files. But then what's the advantage over the current organization? |
Indeed, if we stop honoring If we define
The change I proposed in #9664 would result in releases with identical |
Suggested enhancement
Add a directory (at the library root) for user-specific settings and files - for example,
custom
.The directory contains a number of empty files as placeholders. There should be:
custom/mbedtls_user_config.h
,custom/crypto_user_config.h
,custom/threading_alt.h
... all other files corresponding to '_ALT' macros.
Justification
Users should not edit
mbedtls_config.h
; all settings go tocustom/mbedtls_user_config.h
as#define
/#undef
directives.The same applies to
crypto_config.h
Of course, both
custom/*_user_config.h
have to be included unconditionally (could be the last line of the corresponding*_config.h
).Mbed TLS needs this because
library code could be treated as "read-only", user-alterable files have a separate and predefined location.
"Include" paths in projects need no modifications; just put
#include
directive into the provided placeholder files.This should simplify merging, updates and maintenance.
Currently,
MBEDTLS_USER_CONFIG_FILE
is commented out (points to null device), therefore users have to altermbedtls_config.h
;The text was updated successfully, but these errors were encountered: