[PATCH ustream-ssl 1/2] ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0

Hauke Mehrtens hauke at hauke-m.de
Sun Nov 12 12:12:13 PST 2023


On 11/12/23 20:16, Rosen Penev wrote:
> On Sat, Nov 11, 2023 at 1:35 PM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>
>> This adds support for compiling the code against Mbed TLS 3.0.0.
>> It still compiles against Mbed TLS 2.28.
>>
>> The following changes were needed:
>>   * DES and 3DES were removed
>>   * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
>>     to check if it was initialized
>>   * mbedtls_pk_parse_keyfile() now gets a random callback
>>   * mbedtls/certs.h contains test data and is not installed any more and
>>     not needed.
>>
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>> ---
>>   ustream-mbedtls.c | 12 +++++++++++-
>>   ustream-mbedtls.h |  1 -
>>   2 files changed, 11 insertions(+), 2 deletions(-)
>>
>> diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
>> index 7fc7874..1c70cac 100644
>> --- a/ustream-mbedtls.c
>> +++ b/ustream-mbedtls.c
>> @@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] =
>>          AES_CBC_CIPHERS(ECDHE_ECDSA),
>>          AES_CBC_CIPHERS(ECDHE_RSA),
>>          AES_CBC_CIPHERS(DHE_RSA),
>> +/* Removed in Mbed TLS 3.0.0 */
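
Review bot: the comment added after AES_CBC_CIPHERS(DHE_RSA) in default_ciphersuites_client[] says "Removed in Mbed TLS 3.0.0" but does not name what was removed. The commit message gives DES and 3DES as the removed algorithms, so the comment could say so directly, for example "/* 3DES ciphersuites were removed in Mbed TLS 3.0.0 */". A reader of the list then knows which entries the client stops offering when built against 3.x, and which it still offers against 2.28. The quote cuts the hunk off after this line, so the remaining added lines that the "@@ -110,9 +110,15 @@" header announces are not visible here for review.
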
> are these for Windows XP compatibility?

No, this is for the TLS client. I assume this is for some legacy 
embedded webserver.

Mbed TLS 3.0.0 also removes support for TLS 1.0 and 1.1; it only supports 
TLS 1.2 and 1.3. This could cause some problems with older equipment and 
legacy WPA enterprise clients.

Hauke


