This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.
The following changes were needed:
* DES and 3DES were removed
* mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
to check if it was initialized
* mbedtls_pk_parse_keyfile() now gets a random callback
* mbedtls/certs.h contains test data and is not installed any more and
not needed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
AES_CBC_CIPHERS(ECDHE_ECDSA),
AES_CBC_CIPHERS(ECDHE_RSA),
AES_CBC_CIPHERS(DHE_RSA),
AES_CBC_CIPHERS(ECDHE_ECDSA),
AES_CBC_CIPHERS(ECDHE_RSA),
AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
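Review bot: The `#ifdef` guards on both 3DES entries keep these suites in the list whenever the headers still define the macros, so a build against Mbed TLS 2.28 continues to offer 3DES-CBC, a 64-bit-block cipher generally treated as legacy. If that is intentional for compatibility with old peers, the comment should say so rather than only noting the removal, e.g. `/* 3DES: kept for legacy peers on Mbed TLS 2.x; macro is no longer defined in 3.0.0 */`. The enclosing cipher array starts and ends outside the hunk, and the matching `#endif` lines are not visible in this rendering, so placement should be checked against the full file.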
if (!ctx->cert.version)
return;
if (!ctx->cert.version)
return;
+ if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
return;
mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
return;
mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+ ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
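Review bot: The Mbed TLS 3 branch passes `_random` with a NULL context as the RNG for `mbedtls_pk_parse_keyfile()`, but `_random` is defined outside this hunk, so its behaviour cannot be confirmed here. It is worth checking that it matches the `int (*)(void *, unsigned char *, size_t)` callback type and returns non-zero when it cannot fill the whole buffer. Otherwise a failed entropy read could go unnoticed while the private key is loaded. A short comment above the call would document the new argument, e.g. `/* Mbed TLS 3.x requires an RNG for key parsing (used for blinding) */`. The enclosing function and the handling of `ret` continue outside the hunk.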
#include <mbedtls/net_sockets.h>
#include <mbedtls/ssl.h>
#include <mbedtls/net_sockets.h>
#include <mbedtls/ssl.h>
-#include <mbedtls/certs.h>
#include <mbedtls/x509.h>
#include <mbedtls/rsa.h>
#include <mbedtls/error.h>
#include <mbedtls/x509.h>
#include <mbedtls/rsa.h>
#include <mbedtls/error.h>