cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/920?usp=email )
Change subject: Fix mbed TLS key exporter functionality in 3.6.x and cmake ...................................................................... Fix mbed TLS key exporter functionality in 3.6.x and cmake Cmake did not check for the mbedtls_ssl_set_export_keys_cb symbol when generating an mbed TLS configuration. This causes no actual working key exporter to be in the binary. Also add an explicit #error to catch this situation during compilation. Change-Id: If38e80e268dc0ee7e57de2c175c5b4db0ce55ed0 Signed-off-by: Arne Schwabe <a...@rfc2549.org> Acked-by: Frank Lichtenheld <fr...@lichtenheld.com> Message-Id: <20250425131002.21772-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31510.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M CMakeLists.txt M src/openvpn/ssl_mbedtls.c 2 files changed, 3 insertions(+), 0 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b04adce..a8fb64b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -275,6 +275,7 @@ set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto") check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET) check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB) + check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB) check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H) endfunction() diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index e15c391..ec3135a 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -253,6 +253,8 @@ memcpy(cache->master_secret, secret, sizeof(cache->master_secret)); cache->tls_prf_type = tls_prf_type; } +#else /* if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ +#error either HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB or HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB must be defined when HAVE_EXPORT_KEYING_MATERIAL is defined #endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */ bool -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/920?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: If38e80e268dc0ee7e57de2c175c5b4db0ce55ed0 Gerrit-Change-Number: 920 Gerrit-PatchSet: 4 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: MaxF <m...@max-fillinger.net> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: merged
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel