On Wednesday, 7 June 2017 12:27:12 PDT Gregg Reynolds wrote: > On Jun 5, 2017 1:13 PM, "Thiago Macieira" <thiago.macieira at intel.com> > wrote: > > See https://www.iotivity.org/downloads/iotivity-1.3.0 > > https://wiki.iotivity.org/release_note_1.3.0 > > > Security advisories > > > > Since release 1.3.0, IoTivity no longer includes any cryptographic code, > > with the previously-bundled TinyDTLS code removed. It does depend on a > > third-party cryptographic library, called mbedTLS > > <https://github.com/ARMmbed/mbedtls/>, which is not shipped with IoTivity > > and must be installed separately during the build process. > > just took a quick look at the release notes, > https://wiki.iotivity.org/release_note_1.3.0, > which indicate, under "How to Apply mbedtls 2.4.2 version", that we are to > apply a patch to mbedtls. if that's the case, why not just include the > patched code? to me that means that iotivity does in fact include > cryptographic code.
Because we don't include any code at all, patched or not. The release note was written a while ago, if you had mbedTLS 2.4.0 and needed to patch without doing the full upgrade. Or you can just clone the most recent version. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center
