Mbed TLS 4.x Compatibility Update #3475
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [others/libinjection](https://github.com/libinjection/libinjection) from `b9fcaaf` to `b2d46ec`. - [Commits](libinjection/libinjection@b9fcaaf...b2d46ec) --- updated-dependencies: - dependency-name: others/libinjection dependency-version: b2d46ec124d947d2f82560074e4a348cb15148fc dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [others/mbedtls](https://github.com/Mbed-TLS/mbedtls) from `2ca6c28` to `e5ba96c`. - [Release notes](https://github.com/Mbed-TLS/mbedtls/releases) - [Commits](Mbed-TLS/mbedtls@2ca6c28...e5ba96c) --- updated-dependencies: - dependency-name: others/mbedtls dependency-version: e5ba96c5c6c408cee7a05f3ab77417a94fe534fe dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [bindings/python](https://github.com/owasp-modsecurity/ModSecurity-Python-bindings) from `bc625d5` to `47a6925`. - [Commits](owasp-modsecurity/ModSecurity-Python-bindings@bc625d5...47a6925) --- updated-dependencies: - dependency-name: bindings/python dependency-version: 47a6925df187f96e4593afab18dc92d5f22bd4d5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [test/test-cases/secrules-language-tests](https://github.com/owasp-modsecurity/secrules-language-tests) from `a3d4405` to `c6e8802`. - [Commits](owasp-modsecurity/secrules-language-tests@a3d4405...c6e8802) --- updated-dependencies: - dependency-name: test/test-cases/secrules-language-tests dependency-version: c6e8802366ec3182b8c2612e23d14e19e3545b47 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…est-cases/secrules-language-tests-c6e8802 Submodule Update: Bump test/test-cases/secrules-language-tests from `a3d4405` to `c6e8802`
…gs/python-47a6925 Submodule Update: Bump bindings/python from `bc625d5` to `47a6925`
…/libinjection-b2d46ec Submodule Update: Bump others/libinjection from `b9fcaaf` to `b2d46ec`
…/mbedtls-e5ba96c Submodule Update: Bump others/mbedtls from `2ca6c28` to `e5ba96c`
…tions/checkout-6 GitHub Actions Updates: Bump actions/checkout from 4 to 6
This workflow file sets up a CI pipeline for quality assurance on Linux, macOS, and Windows platforms. It includes jobs for building, checking dependencies, and running cppcheck for static analysis.
Update Mbed TLS base64 source file path check.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi all,
I tried to analyze this issue and propose a possible fix using an AI-assisted approach. For transparency: I am not a professional programmer, and this contribution is meant purely as a helpful starting point / discussion basis, not as a final or authoritative solution. Based on this, I created an initial draft patch / pull request and would appreciate your feedback.
What I did:
Updated the build logic to reflect the changed file/layout structure in Mbed TLS 4.x (e.g. library/base64.c is no longer present there).
Removed Linux 32-bit support.
Temporarily disabled Windows support.
Split the build.sh into separate scripts for macOS and Linux, so I can test the builds in a more system-specific way.
With the Linux setup, Mbed TLS 4.x can now be compiled directly.
With these changes, the build proceeds further. However, since I do not have deep technical expertise in this area, I cannot fully validate the solution myself and I am strongly relying on feedback, corrections, and guidance from the community.
All relevant sources and dependencies were updated to their latest available versions as part of this change.
On Linux, the libmbedtls-dev package is required, and on macOS the mbedtls package (e.g. via Homebrew).
Alternatively, Mbed TLS can also be built from source on Linux, which is handled in build_on_linux.
Open questions:
Are you open to a community contribution supporting Mbed TLS 4.x in ModSecurity v3?
If so, which branch would be preferred (a separate branch due to possible breaking changes vs. direct merge into main)?
Should the documentation explicitly clarify which Mbed TLS versions are officially supported?
I’m providing this patch as a form of assistance only and I’m very grateful for any corrections, suggestions, or improvements.
Resolves #3450
Thanks and best regards,
Steinbacher