From 4683e83d9a51c0229fff23400a6a19542aa523b7 Mon Sep 17 00:00:00 2001
From: Keith Bowes
Date: Thu, 18 Jul 2024 09:25:29 -0400
Subject: [PATCH] Add support for mbedtls v3 (#16763)
v2 is not going to receive security fixes after 2024
Fixes #16672
---
 Makefile.common | 3 ++-
 libretro-common/net/net_socket_ssl_mbed.c | 5 +++++
 qb/config.libs.sh | 19 +++++++++----------
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/Makefile.common b/Makefile.common
index a550c79146..ee4fa1c4cc 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -753,7 +753,8 @@ else ifeq ($(HAVE_BUILTINMBEDTLS), 1)
 OBJ += $(OBJS_TLS_CRYPTO) $(OBJS_TLS_X509) $(OBJS_TLS)
 else ifeq ($(HAVE_SSL), 1)
 DEFINES += -DHAVE_SSL
- LIBS += $(SYSTEMMBEDTLS_LIBS)
+ LIBS += $(SYSTEMMBEDTLS_LIBS) $(SYSTEMMBEDX509_LIBS) $(SYSTEMMBEDCRYPTO_LIBS)
+ DEF_FLAGS += $(SYSTEMMBEDTLS_CFLAGS) $(SYSTEMMBEDX509_CFLAGS) $(SYSTEMMBEDCRYPTO_CFLAGS)
 endif
 # Miscellaneous
diff --git a/libretro-common/net/net_socket_ssl_mbed.c b/libretro-common/net/net_socket_ssl_mbed.c
index a0a524f355..69c2239002 100644
--- a/libretro-common/net/net_socket_ssl_mbed.c
+++ b/libretro-common/net/net_socket_ssl_mbed.c
@@ -35,8 +35,13 @@
 #include "../../deps/mbedtls/mbedtls/ctr_drbg.h"
 #include "../../deps/mbedtls/mbedtls/entropy.h"
 #else
+#include
+#if MBEDTLS_VERSION_MAJOR < 3
 #include
 #include
+#else
+#include
+#endif
 #include
 #include
 #include
diff --git a/qb/config.libs.sh b/qb/config.libs.sh
index 1c84537518..06ca062f0c 100644
--- a/qb/config.libs.sh
+++ b/qb/config.libs.sh
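Review bot: Nothing in this commit handles run-time differences of Mbed TLS 3 in libretro-common/net/net_socket_ssl_mbed.c: the `#else` branch added under `#if MBEDTLS_VERSION_MAJOR < 3` only swaps headers, and the diffstat shows no other edit to the file. The one worth confirming for a TLS client is that Mbed TLS 3.6 enables TLS 1.3 in its default configuration and documents that `psa_crypto_init()` must have been called before a TLS 1.3 handshake. The socket setup code is outside this hunk; if it does not already make that call, add it before the handshake under `#if MBEDTLS_VERSION_MAJOR >= 3 && defined(MBEDTLS_SSL_PROTO_TLS1_3)` and treat any result other than `PSA_SUCCESS` as a setup failure. The header names after `#include` are missing in this rendering of the patch, so the include list itself could not be checked.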
@@ -316,16 +316,15 @@ check_enabled SSL BUILTINMBEDTLS 'builtin mbedtls' 'ssl is' false
 check_enabled SSL BUILTINBEARSSL 'builtin bearssl' 'ssl is' false
 if [ "$HAVE_SYSTEMMBEDTLS" = "auto" ]; then SYSTEMMBEDTLS_IS_AUTO=yes; else SYSTEMMBEDTLS_IS_AUTO=no; fi
-check_lib '' SYSTEMMBEDTLS '-lmbedtls -lmbedx509 -lmbedcrypto'
-check_header '' SYSTEMMBEDTLS \
- mbedtls/config.h \
- mbedtls/certs.h \
- mbedtls/debug.h \
- mbedtls/platform.h \
- mbedtls/net_sockets.h \
- mbedtls/ssl.h \
- mbedtls/ctr_drbg.h \
- mbedtls/entropy.h
+check_val '' SYSTEMMBEDTLS '-lmbedtls' 'mbedtls' mbedtls 2.5.1 '' true
+check_val '' SYSTEMMBEDX509 '-lmbedx509' 'mbedtls' mbedx509 2.5.1 '' true
+check_val '' SYSTEMMBEDCRYPTO '-lmbedcrypto' 'mbedtls' mbedcrypto 2.5.1 '' true
+if [ "$HAVE_SYSTEMMBEDTLS" = 'yes' ] && [ -z "$SYSTEMMBEDTLS_VERSION" ]; then
+ # Ancient versions (such as the one included in the Ubuntu version used for
+ # build checks) don't have this header
+ check_header '' SYSTEMMBEDTLS mbedtls/net_sockets.h
+fi
+if [ "$HAVE_SYSTEMMBEDX509" = 'no' ] || [ "$HAVE_SYSTEMMBEDCRYPTO" = 'no' ]; then HAVE_SYSTEMMBEDTLS=no; fi
 if [ "$SYSTEMMBEDTLS_IS_AUTO" = "yes" ] && [ "$HAVE_SYSTEMMBEDTLS" = "yes" ]; then HAVE_SYSTEMMBEDTLS=auto; fi
 SSL_BACKEND_CHOSEN=no
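Review bot: The `2.5.1` floor passed to the three `check_val` calls is not applied on the path guarded by `[ -z "$SYSTEMMBEDTLS_VERSION" ]`: a library found without a version (presumably when no pkg-config metadata is installed) is accepted whenever `mbedtls/net_sockets.h` exists, whatever its release. Given the commit message's point that v2 stops receiving security fixes, that path can quietly link an unsupported 2.x build. I would say so next to the probe, e.g. `# No version known here: the 2.5.1 minimum is not enforced, only this header probe gates old releases`, and consider a configure-time warning when the detected major version is below 3 or unknown. The same block also turns an explicitly requested `HAVE_SYSTEMMBEDTLS` to `no` without a message when x509 or crypto is missing; what the backend selection after `SSL_BACKEND_CHOSEN=no` does with that is outside this hunk.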