Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' changes from 934f4e741f..daf575ff50

daf575ff50 Merge remote-tracking branch 'origin/qa' e3a2425be4 [UCONNECT-1027] remotelist: create standalone object for resolve thread e487b75860 async-resolve: use native GCD implementation on iOS 346ed043fa Merge remote-tracking branch 'origin/qa' 3f55dcd266 remotelist: add missing includes 073b3993f4 Fix commit 8b22a7b2 (mbed TLS compatibility) 8b22a7b209 Fix compatibility with mbed TLS < 2.7.0 git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: daf575ff5099eebb10109e52be94253507fd253b
2026-04-24 00:00:05 +08:00 · 2019-03-15 11:55:16 +03:00
parent ed98f2568b
commit e9b9b66317
5 changed files with 245 additions and 74 deletions
@@ -36,6 +36,7 @@
 #include <mbedtls/sha1.h>
 #include <mbedtls/debug.h>
 #include <mbedtls/asn1.h>
+#include <mbedtls/version.h>

 #include <openvpn/common/size.hpp>
 #include <openvpn/common/exception.hpp>
@@ -1224,11 +1225,20 @@ namespace openvpn {
 	    {
 	      const int SHA_DIGEST_LEN = 20;
 	      static_assert(sizeof(AuthCert::issuer_fp) == SHA_DIGEST_LEN, "size inconsistency");
+#if MBEDTLS_VERSION_NUMBER < 0x02070000
+	      // mbed TLS 2.7.0 and newer deprecates mbedtls_sha1()
+	      // in favour of mbedtls_sha1_ret().
+
+	      // We support for older mbed TLS versions
+	      // to be able to build on Debian 9 and Ubuntu 16.
+	      mbedtls_sha1(cert->raw.p, cert->raw.len, ssl->authcert->issuer_fp);
+#else
 	      if(mbedtls_sha1_ret(cert->raw.p, cert->raw.len, ssl->authcert->issuer_fp))
 		{
 		  OPENVPN_LOG_SSL("VERIFY FAIL -- SHA1 calculation failed.");
 		  fail = true;
 		}
+#endif
 	    }
 	}
      else if (depth == 0) // leaf-cert