)]}'
{
  "commit": "088ce43ffe78b5f45fe9b757cf3fa534ee6bbc59",
  "tree": "92d0fe5e50548bcc3cd4b6ae3057bfe7df89e098",
  "parents": [
    "75fdf631fdb1135b5d8de2c5d26113da60db26ea"
  ],
  "author": {
    "name": "Janos Follath",
    "email": "janos.follath@arm.com",
    "time": "Mon Apr 10 12:42:31 2017 +0100"
  },
  "committer": {
    "name": "Simon Butcher",
    "email": "simon.butcher@arm.com",
    "time": "Tue May 16 10:22:37 2017 +0100"
  },
  "message": "Implement optional CA list suppression in Certificate Request\n\nAccording to RFC5246 the server can indicate the known Certificate\nAuthorities or can constrain the aurhorisation space by sending a\ncertificate list. This part of the message is optional and if omitted,\nthe client may send any certificate in the response.\n\nThe previous behaviour of mbed TLS was to always send the name of all the\nCAs that are configured as root CAs. In certain cases this might cause\nusability and privacy issues for example:\n- If the list of the CA names is longer than the peers input buffer then\n  the handshake will fail\n- If the configured CAs belong to third parties, this message gives away\n  information on the relations to these third parties\n\nTherefore we introduce an option to suppress the CA list in the\nCertificate Request message.\n\nProviding this feature as a runtime option comes with a little cost in\ncode size and advantages in maintenance and flexibility.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "495e02cb0e7bb52f56ae9b191b9e30873d1a346c",
      "old_mode": 33188,
      "old_path": "include/mbedtls/ssl.h",
      "new_id": "cb29b8383aaad2ca0e9ea425c50e792872627f72",
      "new_mode": 33188,
      "new_path": "include/mbedtls/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "fc0d2d7b4272a550df11eaefe13935a7a510675c",
      "old_mode": 33188,
      "old_path": "library/ssl_srv.c",
      "new_id": "4c528bb2e375523105c2d9d25d310167c0bef49b",
      "new_mode": 33188,
      "new_path": "library/ssl_srv.c"
    },
    {
      "type": "modify",
      "old_id": "d9ab83291be60ed8905852b6c417ec2d5deea95d",
      "old_mode": 33188,
      "old_path": "library/ssl_tls.c",
      "new_id": "00a57ffb82d334baf2c41c488dbf75960a21ef8a",
      "new_mode": 33188,
      "new_path": "library/ssl_tls.c"
    }
  ]
}