From e9477c8e093839f4d6fc9f3da3a16958da6f1848 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 11 Aug 2025 20:31:52 +0200 Subject: [PATCH] bump to 3.1.0 --- docs/INTERNALS.md | 2 +- lib/md4.c | 4 ++-- lib/md5.c | 4 ++-- lib/sha256.c | 4 ++-- lib/vtls/mbedtls.c | 20 ++------------------ 5 files changed, 9 insertions(+), 25 deletions(-) diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md index 2fa4c5d1bf..d565e12b9f 100644 --- a/docs/INTERNALS.md +++ b/docs/INTERNALS.md @@ -27,7 +27,7 @@ versions of libs and build tools. - OpenSSL 1.0.2a - LibreSSL 2.9.1 - GnuTLS 3.1.10 - - mbedTLS 3.0.0 + - mbedTLS 3.1.0 - zlib 1.2.5.2 - libssh2 1.2.8 - c-ares 1.6.0 diff --git a/lib/md4.c b/lib/md4.c index 97498b8d21..0ce5a0159c 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -53,8 +53,8 @@ #ifdef USE_MBEDTLS #include -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - #error "mbedTLS 3.0.0 or later required" +#if MBEDTLS_VERSION_NUMBER < 0x03010000 + #error "mbedTLS 3.1.0 or later required" #endif #include #endif /* USE_MBEDTLS */ diff --git a/lib/md5.c b/lib/md5.c index ff6e155a4d..81bad8a9b0 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -36,8 +36,8 @@ #ifdef USE_MBEDTLS #include -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - #error "mbedTLS 3.0.0 or later required" +#if MBEDTLS_VERSION_NUMBER < 0x03010000 + #error "mbedTLS 3.1.0 or later required" #endif #endif /* USE_MBEDTLS */ diff --git a/lib/sha256.c b/lib/sha256.c index 9885097b96..365962008f 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -38,8 +38,8 @@ #include #elif defined(USE_MBEDTLS) #include -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - #error "mbedTLS 3.0.0 or later required" +#if MBEDTLS_VERSION_NUMBER < 0x03010000 + #error "mbedTLS 3.1.0 or later required" #endif #include #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 332d6c4cf3..9d15ec3ad4 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -37,8 +37,8 @@ /* #define MBEDTLS_DEBUG */ #include -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - #error "mbedTLS 3.0.0 or later required" +#if MBEDTLS_VERSION_NUMBER < 0x03010000 + #error "mbedTLS 3.1.0 or later required" #endif #include #include @@ -1017,12 +1017,7 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) unsigned char *pubkey = NULL; peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) || - !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) { -#else if(!peercert || !peercert->raw.p || !peercert->raw.len) { -#endif failf(data, "Failed due to missing peer certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } @@ -1044,24 +1039,13 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der needs a non-const key, for now. https://github.com/Mbed-TLS/mbedtls/issues/396 */ -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - if(mbedtls_x509_crt_parse_der(p, - peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p), - peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))) { -#else if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) { -#endif failf(data, "Failed copying peer certificate"); result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; goto pinnedpubkey_error; } -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - size = mbedtls_pk_write_pubkey_der(&p->MBEDTLS_PRIVATE(pk), pubkey, - PUB_DER_MAX_BYTES); -#else size = mbedtls_pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES); -#endif if(size <= 0) { failf(data, "Failed copying public key from peer certificate");