This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git
The following commit(s) were added to refs/heads/master by this push:
new 6600a5fd0 MbedTLS: patch warning when DTLS is off
6600a5fd0 is described below
commit 6600a5fd08fc7c3b3454f2280883049d60f76ec7
Author: George Poulios <[email protected]>
AuthorDate: Thu Dec 5 02:43:42 2024 +0200
MbedTLS: patch warning when DTLS is off
This is to patch upstream MbedTLS issue:
https://github.com/Mbed-TLS/mbedtls/issues/9425
that triggers a -Werror=undef when MBEDTLS_SSL_PROTO_DTLS
is undefined. There is no other way to silence that warning
and it breaks builds in systems with -Werror. Once the
upstream issue is resolved, this can be reverted.
Signed-off-by: George Poulios <[email protected]>
---
...TLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch | 33 ++++++++++++++++++++++
crypto/mbedtls/CMakeLists.txt | 2 ++
crypto/mbedtls/Makefile | 1 +
3 files changed, 36 insertions(+)
diff --git
a/crypto/mbedtls/0003-Fix-MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch
b/crypto/mbedtls/0003-Fix-MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch
new file mode 100644
index 000000000..df8d45241
--- /dev/null
+++
b/crypto/mbedtls/0003-Fix-MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch
@@ -0,0 +1,33 @@
+From 84d6430f412d869a56bbcce070d5b730386e540a Mon Sep 17 00:00:00 2001
+From: George Poulios <[email protected]>
+Date: Thu, 5 Dec 2024 02:28:19 +0200
+Subject: [PATCH 3/3] Fix MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT warning
+
+When MBEDTLS_SSL_PROTO_DTLS is not defined, config_adjust_ssl.h
+undefines (among others) MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
+Then the preprocessor comparison with 0 generates Wundef. Wrap
+the comparison under a defined() check to suppress this. This
+breaks builds on systems with -Werror.
+
+Signed-off-by: George Poulios <[email protected]>
+---
+ include/mbedtls/ssl.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
+index 42fffbf860..c68be5e30a 100644
+--- a/include/mbedtls/ssl.h
++++ b/include/mbedtls/ssl.h
+@@ -620,7 +620,8 @@
+ #define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
+ #define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
+
+-#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
++#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) || \
++ MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+ #define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2
CID */
+ #else
+ #define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS
1.2 CID */
+--
+2.39.5 (Apple Git-154)
+
diff --git a/crypto/mbedtls/CMakeLists.txt b/crypto/mbedtls/CMakeLists.txt
index 1506a0c0f..1c93dc894 100644
--- a/crypto/mbedtls/CMakeLists.txt
+++ b/crypto/mbedtls/CMakeLists.txt
@@ -38,6 +38,8 @@ if(CONFIG_CRYPTO_MBEDTLS)
${CMAKE_CURRENT_LIST_DIR}/0001-mbedtls-entropy_poll-use-getrandom-to-get-the-system.patch
&& patch -p1 -d ${MBEDTLS_DIR} <
${CMAKE_CURRENT_LIST_DIR}/0002-mbedtls-add-mbedtls-x509-crt-pool.patch
+ && patch -p1 -d ${MBEDTLS_DIR} <
+
${CMAKE_CURRENT_LIST_DIR}/0003-Fix-MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch
DOWNLOAD_NO_PROGRESS true
TIMEOUT 30)
diff --git a/crypto/mbedtls/Makefile b/crypto/mbedtls/Makefile
index 62e310070..574f297b8 100644
--- a/crypto/mbedtls/Makefile
+++ b/crypto/mbedtls/Makefile
@@ -68,6 +68,7 @@ $(MBEDTLS_UNPACKNAME): $(MBEDTLS_ZIP)
$(Q) mv mbedtls-$(MBEDTLS_VERSION) $(MBEDTLS_UNPACKNAME)
$(Q) patch -p1 -d $(MBEDTLS_UNPACKNAME) <
0001-mbedtls-entropy_poll-use-getrandom-to-get-the-system.patch
$(Q) patch -p1 -d $(MBEDTLS_UNPACKNAME) <
0002-mbedtls-add-mbedtls-x509-crt-pool.patch
+ $(Q) patch -p1 -d $(MBEDTLS_UNPACKNAME) <
0003-Fix-MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT-warning.patch
$(Q) touch $(MBEDTLS_UNPACKNAME)
# Download and unpack tarball if no git repo found
