ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0

This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.

The following changes were needed:
 * DES and 3DES was removed
 * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
   to check if it was initialized
 * mbedtls_pk_parse_keyfile() now gets a random callback
 * mbedtls/certs.h contains test data and is not installed any more and
   not needed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 7fc78742f7c409389a5af5e1cc39d73ff87c78e3..1c70cac91ef1f1f59d56a2be10d7f551f9b9a600 100644 (file)
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] =
        AES_CBC_CIPHERS(ECDHE_ECDSA),
        AES_CBC_CIPHERS(ECDHE_RSA),
        AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
        AES_CIPHERS(RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
        MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
        0
 };
 
@@ -171,7 +177,7 @@ static void ustream_ssl_update_own_cert(struct ustream_ssl_ctx *ctx)
        if (!ctx->cert.version)
                return;
 
-       if (!ctx->key.pk_info)
+       if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
                return;
 
        mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
@@ -206,7 +212,11 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
 {
        int ret;
 
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+       ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
        ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
+#endif
        if (ret)
                return -1;
 

diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h
index e622e5e234a106ad06c8d8ef4b942c48e35e7148..7e7c699398e78db1a07e4671115206903a27a7ff 100644 (file)
--- a/ustream-mbedtls.h
+++ b/ustream-mbedtls.h
@@ -21,7 +21,6 @@
 
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/ssl.h>
-#include <mbedtls/certs.h>
 #include <mbedtls/x509.h>
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>