bump to 3.1.0

2026-06-09 01:34:14 +03:00 · 2025-08-11 20:31:52 +02:00 · 2025-08-11 20:31:52 +02:00 · e9477c8e09
commit e9477c8e09
parent 5d3946c725
5 changed files with 9 additions and 25 deletions
--- a/docs/INTERNALS.md
+++ b/docs/INTERNALS.md
@ -27,7 +27,7 @@ versions of libs and build tools.
 - OpenSSL      1.0.2a
 - LibreSSL     2.9.1
 - GnuTLS       3.1.10
- - mbedTLS      3.0.0
+ - mbedTLS      3.1.0
 - zlib         1.2.5.2
 - libssh2      1.2.8
 - c-ares       1.6.0
--- a/lib/md4.c
+++ b/lib/md4.c
@ -53,8 +53,8 @@

 #ifdef USE_MBEDTLS
 #include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER < 0x03000000
-  #error "mbedTLS 3.0.0 or later required"
+#if MBEDTLS_VERSION_NUMBER < 0x03010000
+  #error "mbedTLS 3.1.0 or later required"
 #endif
 #include <mbedtls/mbedtls_config.h>
 #endif /* USE_MBEDTLS */
--- a/lib/md5.c
+++ b/lib/md5.c
@ -36,8 +36,8 @@

 #ifdef USE_MBEDTLS
 #include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER < 0x03000000
-  #error "mbedTLS 3.0.0 or later required"
+#if MBEDTLS_VERSION_NUMBER < 0x03010000
+  #error "mbedTLS 3.1.0 or later required"
 #endif
 #endif /* USE_MBEDTLS */

--- a/lib/sha256.c
+++ b/lib/sha256.c
@ -38,8 +38,8 @@
 #include <nettle/sha.h>
 #elif defined(USE_MBEDTLS)
 #include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER < 0x03000000
-  #error "mbedTLS 3.0.0 or later required"
+#if MBEDTLS_VERSION_NUMBER < 0x03010000
+  #error "mbedTLS 3.1.0 or later required"
 #endif
 #include <mbedtls/sha256.h>
 #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@ -37,8 +37,8 @@
 /* #define MBEDTLS_DEBUG */

 #include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER < 0x03000000
-  #error "mbedTLS 3.0.0 or later required"
+#if MBEDTLS_VERSION_NUMBER < 0x03010000
+  #error "mbedTLS 3.1.0 or later required"
 #endif
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/ssl.h>
@ -1017,12 +1017,7 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
    unsigned char *pubkey = NULL;

    peercert = mbedtls_ssl_get_peer_cert(&backend->ssl);
-#if MBEDTLS_VERSION_NUMBER == 0x03000000
-    if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) ||
-       !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) {
-#else
    if(!peercert || !peercert->raw.p || !peercert->raw.len) {
-#endif
      failf(data, "Failed due to missing peer certificate");
      return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
    }
@ -1044,24 +1039,13 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
    /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der
       needs a non-const key, for now.
       https://github.com/Mbed-TLS/mbedtls/issues/396 */
-#if MBEDTLS_VERSION_NUMBER == 0x03000000
-    if(mbedtls_x509_crt_parse_der(p,
-                        peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p),
-                        peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))) {
-#else
    if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) {
-#endif
      failf(data, "Failed copying peer certificate");
      result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
      goto pinnedpubkey_error;
    }

-#if MBEDTLS_VERSION_NUMBER == 0x03000000
-    size = mbedtls_pk_write_pubkey_der(&p->MBEDTLS_PRIVATE(pk), pubkey,
-                                       PUB_DER_MAX_BYTES);
-#else
    size = mbedtls_pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES);
-#endif

    if(size <= 0) {
      failf(data, "Failed copying public key from peer certificate");