This adds support for compiling the code against Mbed TLS 3.0.0. It still compiles against Mbed TLS 2.28.
The following changes were needed: * DES and 3DES was removed * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type() to check if it was initialized * mbedtls_pk_parse_keyfile() now gets a random callback * mbedtls/certs.h contains test data and is not installed any more and not needed. Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de> --- ustream-mbedtls.c | 12 +++++++++++- ustream-mbedtls.h | 1 - 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c index 7fc7874..1c70cac 100644 --- a/ustream-mbedtls.c +++ b/ustream-mbedtls.c @@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] = AES_CBC_CIPHERS(ECDHE_ECDSA), AES_CBC_CIPHERS(ECDHE_RSA), AES_CBC_CIPHERS(DHE_RSA), +/* Removed in Mbed TLS 3.0.0 */ +#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, +#endif AES_CIPHERS(RSA), +/* Removed in Mbed TLS 3.0.0 */ +#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, +#endif 0 }; @@ -171,7 +177,7 @@ static void ustream_ssl_update_own_cert(struct ustream_ssl_ctx *ctx) if (!ctx->cert.version) return; - if (!ctx->key.pk_info) + if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE) return; mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key); @@ -206,7 +212,11 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char { int ret; +#if (MBEDTLS_VERSION_NUMBER >= 0x03000000) + ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL); +#else ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL); +#endif if (ret) return -1; diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h index e622e5e..7e7c699 100644 --- a/ustream-mbedtls.h +++ b/ustream-mbedtls.h @@ -21,7 +21,6 @@ #include <mbedtls/net_sockets.h> #include <mbedtls/ssl.h> -#include <mbedtls/certs.h> #include <mbedtls/x509.h> #include <mbedtls/rsa.h> #include <mbedtls/error.h> -- 2.39.2 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel