[PATCH] Accommodate Mbed TLS 3.x (specifically, 3.6.0 LTS).
- Conditionally pass mbedtls_pk_parse_key the existing pRNG and its state.
- Call psa_crypto_init during setup, as PSA may be in play even when not
explicitly enabled. Documentation suggests calling it as early as
possible; in practice, though, holding off until after pRNG
initialization avoids "insufficient entropy" errors under 2.x (at least
2.28.8 LTS on Linux) and still works fine as of 3.6.0.
- At least for now, ensure that MBEDTLS_SSL_VERIFY_NONE remains effective
by additionally capping the TLS version at 1.2; as of 1.3, certificate
checking has become mandatory, and Mbed TLS respects that requirement.
- Additional tuneups to ncbi_mbedtls.c-only code:
-- Account for error-code macro repertoire changes by conditionalizing
major-version-specific macros on their availability and specifically
checking for or emitting MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED (new)
as appropriate.
-- x_ErrorToStatus: Conditionally use MBEDTLS_PRIVATE for p_bio, which has
no accessor.
-- x_MbedTlsWrite: Substitute mbedtls_ssl_get_max_out_record_payload for
mbedtls_ssl_get_output_max_frag_len, which didn't account for other
relevant considerations and is now fully private.
https://github.com/Mbed-TLS/mbedtls/blob/development/docs/3.0-migration-guide.md
supplied useful guidance. JIRA: CXX-13565.
git-svn-id: https://anonsvn.ncbi.nlm.nih.gov/repos/v1/trunk/c++@102329 78c7ea69-d796-4a43-9a09-de51944f1b03
Gbp-Pq: Name support_mbedtls3