package/libcurl/0001-mbedtls-check-version-for-cipher-id.patch - buildroot - Git at Google

 From 0c4b4c1e93c8e869af230090f32346fdfd548f21 Mon Sep 17 00:00:00 2001
 From: Stefan Eissing <stefan@eissing.org>
 Date: Wed, 22 May 2024 14:44:56 +0200
 Subject: [PATCH] mbedtls: check version for cipher id

 mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in
 mbedtls 3.2.0. Check for that version.

 Closes #13749

 Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 Upstream: https://github.com/curl/curl/commit/0c4b4c1e93c8e869af230090f32346fdfd548f21
 ---
  lib/vtls/mbedtls.c | 19 ++++++++++++-------
  1 file changed, 12 insertions(+), 7 deletions(-)

 diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
 index ec0b10dd9a9f..98a4ea01b183 100644
 --- a/lib/vtls/mbedtls.c
 +++ b/lib/vtls/mbedtls.c
 @@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
      (struct mbed_ssl_backend_data *)connssl->backend;
    struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
    const mbedtls_x509_crt *peercert;
 -  char cipher_str[64];
 -  uint16_t cipher_id;
  #ifndef CURL_DISABLE_PROXY
    const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
      data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
 @@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
      return CURLE_SSL_CONNECT_ERROR;
    }

 -  cipher_id = (uint16_t)
 -              mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
 -  mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
 -  infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
 -
 +#if MBEDTLS_VERSION_NUMBER >= 0x03020000
 +  {
 +    char cipher_str[64];
 +    uint16_t cipher_id;
 +    cipher_id = (uint16_t)
 +                mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
 +    mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
 +    infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
 +  }
 +#else
 +  infof(data, "mbedTLS: Handshake complete");
 +#endif
    ret = mbedtls_ssl_get_verify_result(&backend->ssl);

    if(!conn_config->verifyhost)
 --
 2.43.0
	From 0c4b4c1e93c8e869af230090f32346fdfd548f21 Mon Sep 17 00:00:00 2001
	From: Stefan Eissing <stefan@eissing.org>
	Date: Wed, 22 May 2024 14:44:56 +0200
	Subject: [PATCH] mbedtls: check version for cipher id

	mbedtls_ssl_get_ciphersuite_id_from_ssl() seems to have been added in
	mbedtls 3.2.0. Check for that version.

	Closes #13749

	Signed-off-by: Baruch Siach <baruch@tkos.co.il>
	Upstream: https://github.com/curl/curl/commit/0c4b4c1e93c8e869af230090f32346fdfd548f21
	---
	lib/vtls/mbedtls.c \| 19 ++++++++++++-------
	1 file changed, 12 insertions(+), 7 deletions(-)

	diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
	index ec0b10dd9a9f..98a4ea01b183 100644
	--- a/lib/vtls/mbedtls.c
	+++ b/lib/vtls/mbedtls.c
	@@ -902,8 +902,6 @@ mbed_connect_step2(struct Curl_cfilter cf, struct Curl_easy data)
	(struct mbed_ssl_backend_data *)connssl->backend;
	struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
	const mbedtls_x509_crt *peercert;
	- char cipher_str[64];
	- uint16_t cipher_id;
	#ifndef CURL_DISABLE_PROXY
	const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf)?
	data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
	@@ -932,11 +930,18 @@ mbed_connect_step2(struct Curl_cfilter cf, struct Curl_easy data)
	return CURLE_SSL_CONNECT_ERROR;
	}

	- cipher_id = (uint16_t)
	- mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
	- mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
	- infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
	-
	+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
	+ {
	+ char cipher_str[64];
	+ uint16_t cipher_id;
	+ cipher_id = (uint16_t)
	+ mbedtls_ssl_get_ciphersuite_id_from_ssl(&backend->ssl);
	+ mbed_cipher_suite_get_str(cipher_id, cipher_str, sizeof(cipher_str), true);
	+ infof(data, "mbedTLS: Handshake complete, cipher is %s", cipher_str);
	+ }
	+#else
	+ infof(data, "mbedTLS: Handshake complete");
	+#endif
	ret = mbedtls_ssl_get_verify_result(&backend->ssl);

	if(!conn_config->verifyhost)
	--
	2.43.0