Closed teejusb closed 5 months ago
Thanks !
Hey there's one regression do you know what could happen ?
One unittest now fail on CI for mbdedtls.
Strange. Let me take a look and see if I can figure it out. Since the code only looked for a not-previously-introduced DEFINE it should have been a no-op in general.
Okay my suspicion is that it looks like brew
updated their mbedtls version 2 months ago as per this link.
This update happened on March 28th, while the last IXWebSocket update before this changed happened one day earlier on March 27th.
Since there hadn't been any updates to this repo after March 28th, the GitHub action was not run. And since the failing test uses brew install mbedtls
here, it is now getting version 3.6.0, instead of 3.5.2. I think this implies that even without my changes the runner would have started to fail on the next PR.
Interestingly, and also unknowingly, the changes in this specific PR were created to address exactly this issue :) The changes in my project to enable IXWebSocket to use this PR can be found here.
My guess is adding:
target_compile_definitions(${TEST_TARGET_NAME} PRIVATE IXWEBSOCKET_MBEDTLS_USE_PSA_CRYPTO)
or similar somewhere should help. I'll make a draft PR to see if that is sufficient.
I have an emulator that makes use of IXWebSocket for networking under the hood here.
When updating to the latest MbedTLS 3.6.0 LTS, I noticed that our SSL requests started failing, while non-SSL requests were still fine. After some digging, it seems like calling
psa_crypto_init()
somewhere in the code allowed it to start working again, which is what this PR suggests.In the MbedTLS codebase (here), it says that by using
MBEDTLS_USE_PSA_CRYPTO
we promise to also callpsa_crypto_init()
before calling any PK, X.509 or TLS functions, so we control that using a compile time definition namedIXWEBSOCKET_MBEDTLS_USE_PSA_CRYPTO
.