Add support for mbedtls v3 (#16763)

v2 is not going to receive security fixes after 2024

Fixes #16672
Keith Bowes 2024-07-18 09:25:29 -04:00 committed by GitHub
parent f1a37f7c75
commit 4683e83d9a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 11 deletions


@ -753,7 +753,8 @@ else ifeq ($(HAVE_BUILTINMBEDTLS), 1)
OBJ += $(OBJS_TLS_CRYPTO) $(OBJS_TLS_X509) $(OBJS_TLS)
else ifeq ($(HAVE_SSL), 1)
DEFINES += -DHAVE_SSL
LIBS += $(SYSTEMMBEDTLS_LIBS)
LIBS += $(SYSTEMMBEDTLS_LIBS) $(SYSTEMMBEDX509_LIBS) $(SYSTEMMBEDCRYPTO_LIBS)
DEF_FLAGS += $(SYSTEMMBEDTLS_CFLAGS) $(SYSTEMMBEDX509_CFLAGS) $(SYSTEMMBEDCRYPTO_CFLAGS)
endif
# Miscellaneous
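Review bot: The order of the three libraries on the new `LIBS +=` line matters for static links, and nothing on the line records that. libmbedtls needs symbols from libmbedx509, which in turn needs libmbedcrypto, so a later tidy-up that reorders them could break linking with a static system mbedtls. A comment above the line such as `# Keep this order: mbedtls depends on mbedx509, which depends on mbedcrypto` would protect it. The `else ifeq` chain this branch belongs to starts outside the hunk.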


@ -35,8 +35,13 @@
#include "../../deps/mbedtls/mbedtls/ctr_drbg.h"
#include "../../deps/mbedtls/mbedtls/entropy.h"
#else
#include <mbedtls/version.h>
#if MBEDTLS_VERSION_MAJOR < 3
#include <mbedtls/config.h>
#include <mbedtls/certs.h>
#else
#include <mbedtls/build_info.h>
#endif
#include <mbedtls/debug.h>
#include <mbedtls/platform.h>
#include <mbedtls/net_sockets.h>
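Review bot: The `#if MBEDTLS_VERSION_MAJOR < 3` guard covers only the includes, so any use further down this file of what `mbedtls/certs.h` declares (the library's bundled test certificates) needs the same guard, and the hunk does not show whether one exists. If those test certificates are loaded as trust anchors on the 2.x path, that deserves a separate look, since they are not meant for verifying real peers. A short comment on the guard would also help, e.g. `/* mbedtls 3: config.h became build_info.h and certs.h was removed */`. The builtin branch above the `#else` is unchanged here, so builds using the bundled copy stay on whatever version is vendored under `deps/mbedtls`.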


@ -316,16 +316,15 @@ check_enabled SSL BUILTINMBEDTLS 'builtin mbedtls' 'ssl is' false
check_enabled SSL BUILTINBEARSSL 'builtin bearssl' 'ssl is' false
if [ "$HAVE_SYSTEMMBEDTLS" = "auto" ]; then SYSTEMMBEDTLS_IS_AUTO=yes; else SYSTEMMBEDTLS_IS_AUTO=no; fi
check_lib '' SYSTEMMBEDTLS '-lmbedtls -lmbedx509 -lmbedcrypto'
check_header '' SYSTEMMBEDTLS \
mbedtls/config.h \
mbedtls/certs.h \
mbedtls/debug.h \
mbedtls/platform.h \
mbedtls/net_sockets.h \
mbedtls/ssl.h \
mbedtls/ctr_drbg.h \
mbedtls/entropy.h
check_val '' SYSTEMMBEDTLS '-lmbedtls' 'mbedtls' mbedtls 2.5.1 '' true
check_val '' SYSTEMMBEDX509 '-lmbedx509' 'mbedtls' mbedx509 2.5.1 '' true
check_val '' SYSTEMMBEDCRYPTO '-lmbedcrypto' 'mbedtls' mbedcrypto 2.5.1 '' true
if [ "$HAVE_SYSTEMMBEDTLS" = 'yes' ] && [ -z "$SYSTEMMBEDTLS_VERSION" ]; then
# Ancient versions (such as the one included in the Ubuntu version used for
# build checks) don't have this header
check_header '' SYSTEMMBEDTLS mbedtls/net_sockets.h
fi
if [ "$HAVE_SYSTEMMBEDX509" = 'no' ] || [ "$HAVE_SYSTEMMBEDCRYPTO" = 'no' ]; then HAVE_SYSTEMMBEDTLS=no; fi
if [ "$SYSTEMMBEDTLS_IS_AUTO" = "yes" ] && [ "$HAVE_SYSTEMMBEDTLS" = "yes" ]; then HAVE_SYSTEMMBEDTLS=auto; fi
SSL_BACKEND_CHOSEN=no
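Review bot: The three `check_val` calls still accept any system mbedtls from 2.5.1 upward, so configuring against an end-of-life 2.x release passes silently even though the commit message gives the end of 2.x security fixes as the reason for this change. Consider a warning after the checks when the detected major is below 3, for example `case "$SYSTEMMBEDTLS_VERSION" in 2.*) echo 'Warning: system mbedtls 2.x no longer receives security fixes' >&2;; esac` (this assumes the variable holds a dotted version string, which the hunk does not show). When `$SYSTEMMBEDTLS_VERSION` is empty the only remaining probe is `mbedtls/net_sockets.h`, so the 2.5.1 floor is presumably not enforced on that path. A comment next to the `-z` test saying that the version is unknown there would make the gap visible to the next maintainer.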