Manuel Pégourié-Gonnard
The failures in the CI are due to timeouts, but we can't merge without a complete CI, so I'm restarting the jobs again.
I'd say this needs a 3.6 backport too, now. Edit: ah, was already in the PR description, I had missed it as the end of the line after the 2.28...
While at it, please also make sure the freshness of `tests/src/test_certs.h` (which is similarly both generated and checked in), is tested on the CI.
> I would prefer to avoid having both files that are generated and files whose freshness is tested.

Fully agreed, glad you said that. (I was afraid there was a...
Actually, once part 1 is done, the generation scripts for `test_certs.h` and `test_key.h` will start looking very similar and probably want to share more code. Actually would it make sense...
CI's not passing, and since the same components are failing on both Open and Internal (and same for the 3.6 backport too) I think it's real.
Note: 3.0 or higher is also necessary in order to test FFDH in TLS 1.3, see https://github.com/Mbed-TLS/mbedtls/pull/7627#issuecomment-1589374212 (Btw, our current "base" version is 1.0.2 which is already EOL. We might...
> Note: 3.0 or higher is also necessary in order to test FFDH in TLS 1.3, see [#7627 (comment)](https://github.com/Mbed-TLS/mbedtls/pull/7627#issuecomment-1589374212)

I'm moving this issue in the same EPIC as FFDH support,...
Note: this means currently all the cases that require OpenSSL 3.x are never executed in the CI. See #2691 - but also #5389 and #5390. CC @gilles-peskine-arm FYI.
I'm not aware of any reason we would need both, so I think just replacing `OPENSSL_NEXT` with 3.x should be good. Of course, with this kind of thing, we never...