Don't use 3.6.0 since it fails

Expensify · Jul 9, 2024 · cd34f14 · cd34f14
1 parent b44518f
commit cd34f14
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -63,7 +63,7 @@ clean:
 mbedtls/library/libmbedcrypto.a mbedtls/library/libmbedtls.a mbedtls/library/libmbedx509.a:
 	git submodule init
 	git submodule update
-	cd mbedtls && git checkout -q v3.6.0
+	cd mbedtls && git checkout -q v3.5.2
 	cd mbedtls && git submodule update --init
 	cd mbedtls && $(MAKE) no_test
 

diff --git a/libstuff/SSSLState.cpp b/libstuff/SSSLState.cpp
@@ -30,25 +30,28 @@ SSSLState* SSSLOpen(int s, SX509* x509) {
 
     mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->ec, 0, 0);
     mbedtls_ssl_config_defaults(&state->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, 0);
-
-    mbedtls_ssl_setup(&state->ssl, &state->conf);
-
     mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg);
+
     mbedtls_ssl_set_bio(&state->ssl, &state->s, mbedtls_net_send, mbedtls_net_recv, 0);
 
     if (x509) {
         // Add the certificate
         mbedtls_ssl_conf_ca_chain(&state->conf, x509->srvcert.next, 0);
         SASSERT(mbedtls_ssl_conf_own_cert(&state->conf, &x509->srvcert, &x509->pk) == 0);
     }
+
+    // Do this at the end, since we don't want to modify the conf context after we've initialized it with our ssl context.
+    mbedtls_ssl_setup(&state->ssl, &state->conf);
+
     return state;
 }
 
 // --------------------------------------------------------------------------
 int SSSLSend(SSSLState* sslState, const char* buffer, int length) {
     // Send as much as possible and report what happened
     SASSERT(sslState && buffer);
+
     const int numSent = mbedtls_ssl_write(&sslState->ssl, (unsigned char*)buffer, length);
     if (numSent > 0) {
         return numSent;

diff --git a/mbedtls b/mbedtls