From c7f6d7f75cec386d0147909c7522ee57d587eae2 Mon Sep 17 00:00:00 2001
From: Hannes Tschofenig <hannes.tschofenig@arm.com>
Date: Thu, 3 Dec 2020 15:47:31 +0100
Subject: [PATCH] Making sure that keep peer certificate option is set when
 server cert verification is used.

---
 include/mbedtls/check_config.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6e7c27098..13bd50cfa 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -910,6 +910,10 @@
 #undef MBEDTLS_HASHES_ENABLED
 #endif /* MBEDTLS_MD_SINGLE_HASH */
 
+#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+#endif
+
 /*
  * Note: the dependency on TinyCrypt is reflected in several ways in the code:
  *