Merge pull request #1154 from dmllr/master

Fix MbedTLS usage bugs and allow cmake to use imported mbedtls library
paullouisageneau · Apr 17, 2024 · 5b71775 · 5b71775
1 parent feea658
commit 5b71775
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -331,7 +331,9 @@ else()
 		target_link_libraries(datachannel PRIVATE libSRTP::srtp2)
 		target_link_libraries(datachannel-static PRIVATE libSRTP::srtp2)
 	else()
-		add_subdirectory(deps/libsrtp EXCLUDE_FROM_ALL)
+		if(NOT TARGET srtp2)
+			add_subdirectory(deps/libsrtp EXCLUDE_FROM_ALL)
+		endif()
 		target_compile_definitions(datachannel PRIVATE RTC_SYSTEM_SRTP=0)
 		target_compile_definitions(datachannel-static PRIVATE RTC_SYSTEM_SRTP=0)
 		target_link_libraries(datachannel PRIVATE srtp2)
@@ -360,7 +362,9 @@ if (USE_GNUTLS)
 		target_link_libraries(datachannel-static PRIVATE Nettle::Nettle)
 	endif()
 elseif(USE_MBEDTLS)
-	find_package(MbedTLS 3 REQUIRED)
+	if(NOT TARGET MbedTLS::MbedTLS)
+		find_package(MbedTLS 3 REQUIRED)
+	endif()
 	target_compile_definitions(datachannel PRIVATE USE_MBEDTLS=1)
 	target_compile_definitions(datachannel-static PRIVATE USE_MBEDTLS=1)
 	target_link_libraries(datachannel PRIVATE MbedTLS::MbedTLS)

diff --git a/examples/streamer/h264fileparser.cpp b/examples/streamer/h264fileparser.cpp
@@ -50,8 +50,8 @@ void H264FileParser::loadNextSample() {
     }
 }
 
-vector<byte> H264FileParser::initialNALUS() {
-    vector<byte> units{};
+vector<std::byte> H264FileParser::initialNALUS() {
+    vector<std::byte> units{};
     if (previousUnitType7.has_value()) {
         auto nalu = previousUnitType7.value();
         units.insert(units.end(), nalu.begin(), nalu.end());

diff --git a/src/impl/tls.cpp b/src/impl/tls.cpp
@@ -101,7 +101,7 @@ bool check(int ret, const string &message) {
 	if (ret < 0) {
 		if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
 		    ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS || ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ||
-		    ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+		    ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY || ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET)
 			return false;
 
 		const size_t bufferSize = 1024;

diff --git a/src/impl/tlstransport.cpp b/src/impl/tlstransport.cpp
@@ -323,6 +323,7 @@ TlsTransport::TlsTransport(variant<shared_ptr<TcpTransport>, shared_ptr<HttpProx
 
 	PLOG_DEBUG << "Initializing TLS transport (MbedTLS)";
 
+	psa_crypto_init();
 	mbedtls_entropy_init(&mEntropy);
 	mbedtls_ctr_drbg_init(&mDrbg);
 	mbedtls_ssl_init(&mSsl);

diff --git a/src/impl/verifiedtlstransport.cpp b/src/impl/verifiedtlstransport.cpp
@@ -36,7 +36,7 @@ VerifiedTlsTransport::VerifiedTlsTransport(
 				// *cacert is a PEM content
 				mbedtls::check(mbedtls_x509_crt_parse(
 				    &mCaCert, reinterpret_cast<const unsigned char *>(cacert->c_str()),
-				    cacert->size()));
+				    cacert->size() + 1));
 			}
 			mbedtls_ssl_conf_ca_chain(&mConf, &mCaCert, NULL);
 		}