Fix polarssl url as polarssl.org no longer exists

[fengye]

It looks like polarssl.org no longer exists so I managed to find the package in src.fedoraproject.org so that the build can work

[zeldin]

Thanks. I think it would make more sense to fetch it from tls.mbed.org like it is done on the develop branch though. Could you plese test if using https://tls.mbed.org/download/polarssl-${VERSION}-gpl.tgz as the URI instead works for you?

[fengye]

Hi @zeldin , it looks like I can't access https://tls.mbed.org/download/polarssl-1.2.8-gpl.tgz which version is stated in the script. On develop branch the url https://tls.mbed.org/download/polarssl-1.3.9-gpl.tgz is inaccessible neither.

[zeldin]

😞 Looks like tls.mbed.org is also out of commission. It redirects to www.trustedfirmware.org, which doesn't seem to host any software packages at all (what I can find), but just refers to github... What a mess.

[miigotu]

Any chance we can update this to a recent release of polarssl so we can use their GitHub release zips?

In any event, we can download a zip or tarball of the 1.2.8 tagged release on their GitHub

https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/polarssl-1.2.8.zip

https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/polarssl-1.2.8.tar

We can also get a tarball, and also use the ${VERSION} tag correctly. If we switch to this method, all we need to do is update the patch and version tag for a newer release and stay cleanly within this project's scripts preferred methods. Here's the diff using tarball for congruity, check if the patches still apply before merging, since gpl is a build flag afaik, or includes patches in their repo.:

scripts/015-polarssl.sh b/scripts/015-polarssl.sh
index f90bee5..48c3f5e 100755
--- a/scripts/015-polarssl.sh
+++ b/scripts/015-polarssl.sh
@@ -32,7 +32,7 @@ ARCH="powerpc64"
 PLATFORM="PS3" 

 ## Download the source code.
-wget --continue --no-check-certificate -O polarssl-${VERSION}.gpl.tgz https://polarssl.org/download/polarssl-${VERSION}-gpl.tgz?do=yes
+wget --continue --no-check-certificate -O polarssl-${VERSION}.tgz https://github.com/Mbed-TLS/mbedtls/tarball/polarssl-${VERSION}

 ## Unpack the source code.
-rm -Rf polarssl-${VERSION} && tar xfvz polarssl-${VERSION}.gpl.tgz && cd polarssl-${VERSION}/library
+rm -Rf polarssl-${VERSION} && tar xfvz polarssl-${VERSION}.tgz && cd polarssl-${VERSION}/library

Also, we should consider renaming references to mbedtls, with a proper notation that it used to be polarssl.

Mbed TLS was formerly known as PolarSSL. 
It is maintained under open governance at TrustedFirmware since March 2020. 
Before this, it was maintained by Arm, and some of the information and infrastructure has not migrated yet.

[miigotu]

Sorry for the mass edits, I know you all got spammed. Trying to type/copy/paste/edit my comments on my phone because I'm trapped under a sleeping baby.

[miigotu]

I think this should be expanded to a proper update and full test by @ps3dev/developers because we are super behind on libcurl and polarssl ->mbedtls, which is a security concern depending on what an end user does with the libraries we provide. I am almost sure most of us developers find it pertinent to remove sticks from the paths of less security focused and/or less experienced developers by not building insecure versions of curl and ssl libraries for extended periods of time. Leaving the older versions as an option for BC I can understand, for when older software just will not build with updated versions (that those downstream applications should also just be updated is another discussion, let's control what we can) but as the default I am feeling a sense of responsibility.

As this is a substantial change, I think I will convert this comment to an issue so we can discuss and maybe I'll create a PR/branch and just start working on it. This is going to go fairly deep with dependency, because practically everything uses libcurl or ssl in some way these days lol.

[zeldin]

As a stop-gap measure I pushed a version which fetches from github and actually works (sorry miigoto) :smile:

[gtessi]

I want to add that my fork compiles correctly with some additional changes needed: https://github.com/gtessi/ps3libraries

[miigotu]

No problem, I'm in no rush haha

[humbertodias]

polarssl 1.3.9 added here https://github.com/ps3dev/ps3libraries/pull/64