From: Niels Martignène Date: Fri, 7 Jan 2022 10:36:31 +0000 (+0100) Subject: mbedtls: Fix ssl_init error with mbedTLS 3.1.0+ X-Git-Tag: curl-7_82_0~241 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=919baa580241ae1328d10aeaaf68be1351d41fcf;p=thirdparty%2Fcurl.git mbedtls: Fix ssl_init error with mbedTLS 3.1.0+ Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided config struct is not valid. mbedtls_ssl_config_defaults() needs to be called before the config struct is passed to mbedtls_ssl_setup(). Closes #8238
---
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 1d209b2732..6f6b11ff65 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -469,12 +469,6 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 infof(data, "mbedTLS: Connecting to %s:%ld", hostname, port);
 mbedtls_ssl_config_init(&backend->config);
-
- mbedtls_ssl_init(&backend->ssl);
- if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
- failf(data, "mbedTLS: ssl_init failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
 ret = mbedtls_ssl_config_defaults(&backend->config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -484,6 +478,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 return CURLE_SSL_CONNECT_ERROR;
 }
+ mbedtls_ssl_init(&backend->ssl);
+ if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) {
+ failf(data, "mbedTLS: ssl_init failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
 /* new profile with RSA min key len = 1024 ... */
 mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr);
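Review bot: In the second hunk (`@@ -484,6 +478,12 @@`) the relocated `mbedtls_ssl_setup()` still runs before `mbedtls_ssl_conf_cert_profile()` on the lines right after it, so the config it validates is not yet the one the handshake will use. The commit message says setup now rejects an invalid config, so any field mbedTLS checks there and this function only sets later would trigger the same failure; the rest of mbed_connect_step1 is outside the hunk, so which fields those are is unverified. Moving the `mbedtls_ssl_init`/`mbedtls_ssl_setup` block below the last `mbedtls_ssl_conf_*` call in the function would make the check cover the final config. The error path also discards the return code and still names ssl_init; assigning `ret = mbedtls_ssl_setup(&backend->ssl, &backend->config);` and including `ret` in the `failf` text would make such failures diagnosable.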