Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
PUBLIC_REPOS
/
buildroot
peilaus alkaen git://git.buildroot.net/buildroot
2
1
Fork 0
Tiedostot
Selaa lähdekoodia

package/libcurl: fix build with mbedtls

Add upstream patch to fix compatibility with mbedtls version 2.28.x, which
is broken since commit 50bdb2a3b7 (package/libcurl: bump version to 8.8.0).

Fixes:
http://autobuild.buildroot.net/results/66ba878386e4e478645edb6a282e82820b8dad7f
http://autobuild.buildroot.net/results/7a4d9595197cf23080a23dfe9bc0e60b8145af6e
http://autobuild.buildroot.net/results/9add7283813388daa95b16ef76acb3c4e9ea7c2f

[Peter: mention when this issue was introduced]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Baruch Siach 1 vuosi sitten
vanhempi
3d46d9760b
commit
d611acf8e9
1 muutettua tiedostoa jossa 56 lisäystä ja 0 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 56 0
      package/libcurl/0001-mbedtls-check-version-for-cipher-id.patch

+ 56 - 0
package/libcurl/0001-mbedtls-check-version-for-cipher-id.patch
Näytä tiedosto 

@@ -0,0 +1,56 @@
 
+From 0c4b4c1e93c8e869af230090f32346fdfd548f21 Mon Sep 17 00:00:00 2001
 
+From: Stefan Eissing <stefan@eissing.org>
 
+Date: Wed, 22 May 2024 14:44:56 +0200
 
+Subject: [PATCH] mbedtls: check version for cipher id
 
+
 
+mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in
 
+mbedtls 3.2.0. Check for that version.
 
+
 
+Closes #13749
 
+
 
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 
+Upstream: https://github.com/curl/curl/commit/0c4b4c1e93c8e869af230090f32346fdfd548f21
 
+---
 
+ lib/vtls/mbedtls.c | 19 ++++++++++++-------
 
+ 1 file changed, 12 insertions(+), 7 deletions(-)
 
+
 
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
 
+index ec0b10dd9a9f..98a4ea01b183 100644
 
+--- a/lib/vtls/mbedtls.c
 
++++ b/lib/vtls/mbedtls.c
 
+@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
 
+     (struct mbed_ssl_backend_data *)connssl->backend;
 
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 
+   const mbedtls_x509_crt *peercert;
 
+-  char cipher_str[64];
 
+-  uint16_t cipher_id;
 
+ #ifndef CURL_DISABLE_PROXY
 
+   const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
 
+     data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
 
+@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
 
+     return CURLE_SSL_CONNECT_ERROR;
 
+   }
 
+ 
+-  cipher_id = (uint16_t)
 
+-              mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
 
+-  mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
 
+-  infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
 
+-
 
++#if MBEDTLS_VERSION_NUMBER >= 0x03020000
 
++  {
 
++    char cipher_str[64];
 
++    uint16_t cipher_id;
 
++    cipher_id = (uint16_t)
 
++                mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
 
++    mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
 
++    infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
 
++  }
 
++#else
 
++  infof(data, "mbedTLS: Handshake complete");
 
++#endif
 
+   ret = mbedtls_ssl_get_verify_result(&backend->ssl);
 
+ 
+   if(!conn_config->verifyhost)
 
+-- 
+2.43.0
 
+