warmcat
lws/mbedtls-openssl: Supplement x509 method structure implementation
Well, with that on top it builds locally OK.
I removed the old one from v4.4-stable, let's try this one in CI again with main
Well, with that on top it builds locally OK.
I removed the old one from v4.4-stable, let's try this one in CI again with main
very thanks. By the way, could I modify openssl interfaces wrappered by mbedtls? I understand that the original implementation is more in line with OpenSSL's implementation but loses the advantages of mbedtls.
Originally there was a big difficulty implementing mbedtls support, because it is so different from openssl. So I borrowed the Espressif openssl wrapper (it's also MIT) to reduce the gulf. And we have been OK working like that.
If there's something to gain we can consider it, but it's needed that we can still build with esp-idf (espresssif SDK). AFAIK we don't conflict or use the esp-idf original wrapper, just the one that is in-tree.
AFAIK the wrapper is very light, but if there are advantages and nothing breaks, sure.
Originally there was a big difficulty implementing mbedtls support, because it is so different from openssl. So I borrowed the Espressif openssl wrapper (it's also MIT) to reduce the gulf. And we have been OK working like that.
If there's something to gain we can consider it, but it's needed that we can still build with esp-idf (espresssif SDK). AFAIK we don't conflict or use the esp-idf original wrapper, just the one that is in-tree.
AFAIK the wrapper is very light, but if there are advantages and nothing breaks, sure.
Got it. We are maintaining the RTOS operating system NuttX, and we have also encountered many third-party libraries that use OpenSSL interfaces and require mbedtls as the backend implementation. We have also drawn on the Espressif SDK implementation, mainly modifying part of the dynamic memory usage, which will have certain advantages in IoT devices.
@lws-team hello why precheck will show the folloing conflicts? I didn't change these code
LWS_VISIBLE LWS_EXTERN int
<<<<<<< default-ca2
lws_spawn_cgroup_admin_init(const char *toplevel_name,
const char *user, const char *group);
=======
lws_spawn_prepare_self_cgroup(const char *user, const char *group);
LWS_VISIBLE LWS_EXTERN int
lws_spawn_get_self_cgroup(char *cgroup, size_t max);
>>>>>>> main
#endif
You can't pull main, it is developed by force-pushing. To update to it, for example (save any changes somewhere first) git fetch origin +main:m && git reset --hard m
@lws-team Thanks, i rebase my code and merged patch before. Please review
Sorry, these are on top of current main? That tree already has your patches from yesterday
commit ede430b93deaad93035d2210ec51b02715062afe
Author: makejian <[email protected]>
Date: Thu Jul 31 19:19:35 2025 +0800
[PATCH] lws/mbedtls-openssl: Supplement x509 method structure
implementation
Signed-off-by: makejian <[email protected]>
commit e8c1b9ce392154493c9a04b7a9ea966010fce9ef
Author: makejian <[email protected]>
Date: Thu Jul 31 15:20:28 2025 +0800
[PATCH] lws/mbedtls-client: aligned with openssl-client to load
default ca path
The client based on mbedtls backend does not implement the loading certificate from the default path, but the client based on openssl backend does.
Signed-off-by: makejian <[email protected]>
commit bb360aa205bda7792563c6efbba3bfedf4cec0ca
Author: makejian <[email protected]>
Date: Thu Jul 31 15:56:53 2025 +0800
[PATCH] lws/mbedtls: export Export SSL_CTX_load_verify series
interfaces
Support interfaces SSL_CTX_load_verify_file/SSL_CTX_load_verify_dir/SSL_CTX_load_verify_locations to align with openssl-client behavior
Signed-off-by: makejian <[email protected]>
These two patches are fixes, new features...?
@lws-team Maybe I misunderstood. Let me confirm again: has this feature been merged into the main branch?