author | Niels Martignène <niels.martignene@protonmail.com> | 2022-01-07 11:36:31 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-01-09 14:12:40 +0100 |
commit | 919baa580241ae1328d10aeaaf68be1351d41fcf (patch) | |
tree | 61de7a54dd6c714a7367ec6d074e83b7b596d775 | |
parent | d14831233df3a15b14db563156614c9ea60fcf06 (diff) | |
download | curl-919baa580241ae1328d10aeaaf68be1351d41fcf.tar.gz |
mbedtls: Fix ssl_init error with mbedTLS 3.1.0+
Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided
config struct is not valid.
mbedtls_ssl_config_defaults() needs to be called before the config
struct is passed to mbedtls_ssl_setup().
Closes #8238
-rw-r--r-- | lib/vtls/mbedtls.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 1d209b273..6f6b11ff6 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -469,12 +469,6 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 infof(data, "mbedTLS: Connecting to %s:%ld", hostname, port);
 mbedtls_ssl_config_init(&backend->config);
-
- mbedtls_ssl_init(&backend->ssl);
- if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
- failf(data, "mbedTLS: ssl_init failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
 ret = mbedtls_ssl_config_defaults(&backend->config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -484,6 +478,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 return CURLE_SSL_CONNECT_ERROR;
 }
+ mbedtls_ssl_init(&backend->ssl);
+ if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
+ failf(data, "mbedTLS: ssl_init failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* new profile with RSA min key len = 1024 ... */
 mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr); |
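Review bot: The re-added `mbedtls_ssl_setup()` check in the second hunk discards the library's return code and still reports the failure as "ssl_init failed". A config rejected by mbedTLS 3.1.0+ (the failure this commit fixes) therefore looks the same in the log as any other setup error. `ret` is already assigned just above for `mbedtls_ssl_config_defaults()`, so the block could read `ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);` followed by `if(ret) { failf(data, "mbedTLS: ssl_setup failed (-0x%04X)", -ret);`. A one-line comment above the moved block would also keep the ordering from being reversed again, e.g. `/* mbedtls_ssl_setup() validates the config since mbedTLS 3.1.0: run config_defaults first */`. The body of mbed_connect_step1 starts and ends outside the hunk, so its cleanup paths are not visible here.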