From: Arne Schwabe <a...@rfc2549.org>

CMake did not check for the mbedtls_ssl_set_export_keys_cb symbol
when generating an mbed TLS configuration. This causes no actual
working key exporter to be in the binary.

Also add an explicit #error to catch this situation during compilation.

Change-Id: If38e80e268dc0ee7e57de2c175c5b4db0ce55ed0
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Frank Lichtenheld <fr...@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/920
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <fr...@lichtenheld.com>

        
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b04adce..a8fb64b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -275,6 +275,7 @@
     set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto")
     check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h 
HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)
     check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h 
HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)
+    check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h 
HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB)
     check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)
 endfunction()
 
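Review bot: the added check_symbol_exists line sets HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB as a CMake result only, and nothing in this diff shows that result reaching the compiler. If the build generates its config header from a template, that template needs a matching #cmakedefine entry for HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB. The patch touches only CMakeLists.txt and src/openvpn/ssl_mbedtls.c, so please confirm the entry already exists or add it to this change. Without it, the #error added in ssl_mbedtls.c can fire even on an mbed TLS that does provide mbedtls_ssl_set_export_keys_cb.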
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index e15c391..ec3135a 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -253,6 +253,8 @@
     memcpy(cache->master_secret, secret, sizeof(cache->master_secret));
     cache->tls_prf_type = tls_prf_type;
 }
+#else  /* if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
+#error either HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB or 
HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB must be defined when 
HAVE_EXPORT_KEYING_MATERIAL is defined
 #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
 
 bool
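Review bot: the #error text says the requirement holds "when HAVE_EXPORT_KEYING_MATERIAL is defined", but the visible context does not show that this #else sits inside a HAVE_EXPORT_KEYING_MATERIAL guard. Please confirm the whole #if chain is nested under that check. If it is not, a build against an mbed TLS that offers neither callback will now fail to compile instead of building without the key exporter. A smaller point on the same line: the trailing comment on the #else reads /* if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */, yet this branch is the case where neither HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB nor HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB is defined, so the comment should say so.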


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel