Fix build with mbedtls v3.6 PSA but without TLS 1.3 or session tickets #16044

Closed

misch7 (Contributor) commented Jan 18, 2025

Problems

  1. Build fails when support for session tickets is disabled (thus HAS_SESSION_TICKETS undefined in lib/vtls/mbedtls.c).
  2. Runtime error for all TLS connections when built with MBEDTLS_USE_PSA_CRYPTO but without TLS 1.3 support:

     $ ./build/bin/curl --insecure --verbose --head https://curl.se
     * ssl_handshake returned: (-0x3E80) PK - Bad input parameters to function
     curl: (35) ssl_handshake returned: (-0x3E80) PK - Bad input parameters to function

Solutions

  1. mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets requires the conditionals that are already covered by HAS_SESSION_TICKETS, see include/mbedtls/ssl.h (and the lines above).
    MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED always resolves to 1 because it is only meant as a boolean parameter for the function.

  2. When Mbed TLS is built with PSA, it must always be initialized regardless of the TLS 1.3 support.

@github-actions github-actions bot added the TLS label Jan 18, 2025
bagder (Member) commented Jan 19, 2025

Ah, can you just rebase this again and force-push? I believe my symbol fix in the meantime made it conflict a little.

@misch7 misch7 force-pushed the fix/mbedtls-3.6-build-psa branch from 86fd6dd to 656fed0 January 19, 2025 14:51

misch7 (Contributor, Author) commented Jan 19, 2025

> Ah, can you just rebase this again and force-push? I believe my symbol fix in the meantime made it conflict a little.

Done and also fancier now with less commits. ^^

@bagder bagder closed this in 11ea103 Jan 29, 2025
bagder (Member) commented Jan 29, 2025

Thanks!

bagder (Member) commented Jan 29, 2025

Related blog post, since @misch7 also happened to become curl commit author number 1337

https://daniel.haxx.se/blog/2025/01/29/a-1337-curl-author/

misch7 (Contributor, Author) commented Jan 30, 2025

Thank you @bagder! I feel honoured and I also want to take the opportunity to thank you for curl as well as all fellow contributors of the past and the future.
