mirror of
https://github.com/openwrt/packages.git
synced 2026-06-17 17:00:28 +04:00
curl: fix SSL init with mbedtls 3.6
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau
@@ -0,0 +1,45 @@
|
||||
From: Kailun Qin <kailun.qin@intel.com>
|
||||
Date: Mon, 8 Apr 2024 05:13:56 -0400
|
||||
Subject: [PATCH] mbedtls: call mbedtls_ssl_setup() after RNG callback is set
|
||||
|
||||
Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail
|
||||
if no RNG is provided when calling mbedtls_ssl_setup().
|
||||
|
||||
Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL
|
||||
context is passed to mbedtls_ssl_setup().
|
||||
|
||||
Ref: https://github.com/Mbed-TLS/mbedtls/commit/b422cab052b51ec84758638d6783d6ba4fc60613
|
||||
|
||||
Signed-off-by: Kailun Qin <kailun.qin@intel.com>
|
||||
Closes #13314
|
||||
---
|
||||
|
||||
--- a/lib/vtls/mbedtls.c
|
||||
+++ b/lib/vtls/mbedtls.c
|
||||
@@ -602,10 +602,6 @@ mbed_connect_step1(struct Curl_cfilter *
|
||||
}
|
||||
|
||||
mbedtls_ssl_init(&backend->ssl);
|
||||
- if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
|
||||
- failf(data, "mbedTLS: ssl_init failed");
|
||||
- return CURLE_SSL_CONNECT_ERROR;
|
||||
- }
|
||||
|
||||
/* new profile with RSA min key len = 1024 ... */
|
||||
mbedtls_ssl_conf_cert_profile(&backend->config,
|
||||
@@ -639,6 +635,15 @@ mbed_connect_step1(struct Curl_cfilter *
|
||||
|
||||
mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random,
|
||||
&backend->ctr_drbg);
|
||||
+
|
||||
+ ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);
|
||||
+ if(ret) {
|
||||
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
|
||||
+ failf(data, "ssl_setup failed - mbedTLS: (-0x%04X) %s",
|
||||
+ -ret, errorbuf);
|
||||
+ return CURLE_SSL_CONNECT_ERROR;
|
||||
+ }
|
||||
+
|
||||
mbedtls_ssl_set_bio(&backend->ssl, cf,
|
||||
mbedtls_bio_cf_write,
|
||||
mbedtls_bio_cf_read,
|
||||
Reference in New Issue
Block a user