curl: call mbedtls_ssl_setup() after RNG callback is set
Since mbedTLS v3.6.0, the RNG check added in ssl_conf_check() will fail if no RNG is provided when calling mbedtls_ssl_setup(). Therefore, mbedtls_ssl_conf_rng() needs to be called before the SSL context is passed to mbedtls_ssl_setup(). Signed-off-by: Seo Suchan <tjtncks@gmail.com>
This commit is contained in:
parent
f788525078
commit
9bdcaa86b2
|
@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/nls.mk
|
|||
|
||||
PKG_NAME:=curl
|
||||
PKG_VERSION:=8.7.1
|
||||
PKG_RELEASE:=r1
|
||||
PKG_RELEASE:=r2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_URL:=https://github.com/curl/curl/releases/download/curl-$(subst .,_,$(PKG_VERSION))/ \
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
--- a/lib/vtls/mbedtls.c
|
||||
+++ b/lib/vtls/mbedtls.c
|
||||
@@ -602,10 +602,6 @@ mbed_connect_step1(struct Curl_cfilter *
|
||||
}
|
||||
|
||||
mbedtls_ssl_init(&backend->ssl);
|
||||
- if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
|
||||
- failf(data, "mbedTLS: ssl_init failed");
|
||||
- return CURLE_SSL_CONNECT_ERROR;
|
||||
- }
|
||||
|
||||
/* new profile with RSA min key len = 1024 ... */
|
||||
mbedtls_ssl_conf_cert_profile(&backend->config,
|
||||
@@ -639,6 +635,15 @@ mbed_connect_step1(struct Curl_cfilter *
|
||||
|
||||
mbedtls_ssl_conf_rng(&backend->config, mbedtls_ctr_drbg_random,
|
||||
&backend->ctr_drbg);
|
||||
+
|
||||
+ ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);
|
||||
+ if(ret) {
|
||||
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
|
||||
+ failf(data, "ssl_setup failed - mbedTLS: (-0x%04X) %s",
|
||||
+ -ret, errorbuf);
|
||||
+ return CURLE_SSL_CONNECT_ERROR;
|
||||
+ }
|
||||
+
|
||||
mbedtls_ssl_set_bio(&backend->ssl, cf,
|
||||
mbedtls_bio_cf_write,
|
||||
mbedtls_bio_cf_read,
|
Loading…
Reference in New Issue