)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"82d946ca2caca0e03dac6009921709e075bd30bf","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"3d2ffceb_fc9fd147","updated":"2025-05-22 13:08:05.000000000","message":"the cmake detection didn\u0027t work properly for me but we should also not use that (see other comment) \n\nSo I tested with replacing !HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL \ndefined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) in the source code to test this.\n\nI can confirm that the patch otherwise works.","commit_id":"705d88af2d692d1350599960d4c343a6de26e34a"}],"CMakeLists.txt":[{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"82d946ca2caca0e03dac6009921709e075bd30bf","unresolved":true,"context_lines":[{"line_number":302,"context_line":"    check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)"},{"line_number":303,"context_line":"    check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)"},{"line_number":304,"context_line":"    check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB)"},{"line_number":305,"context_line":"    check_symbol_exists(mbedtls_ssl_export_keying_material mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL)"},{"line_number":306,"context_line":"    check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)"},{"line_number":307,"context_line":"endfunction()"},{"line_number":308,"context_line":""}],"source_content_type":"text/x-cmake","patch_set":2,"id":"93bf1992_f65e7263","line":305,"updated":"2025-05-22 13:08:05.000000000","message":"shouldn\u0027t we rather rely on the mbed TLS configuration define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to detect this?\n\nWe have to do this cmake/configure.ac dance for the old apis since mbed TLS doesn\u0027t have a proper define but to detect if the API is available using MBEDTLS_SSL_KEYING_MATERIAL_EXPORT should work unless I am overlooking something.","commit_id":"705d88af2d692d1350599960d4c343a6de26e34a"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"6726ade03739e1a245179bf5e6c41f2dbbc2bb29","unresolved":false,"context_lines":[{"line_number":302,"context_line":"    check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)"},{"line_number":303,"context_line":"    check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)"},{"line_number":304,"context_line":"    check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB)"},{"line_number":305,"context_line":"    check_symbol_exists(mbedtls_ssl_export_keying_material mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL)"},{"line_number":306,"context_line":"    check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)"},{"line_number":307,"context_line":"endfunction()"},{"line_number":308,"context_line":""}],"source_content_type":"text/x-cmake","patch_set":2,"id":"cb4b863e_7a90ad49","line":305,"in_reply_to":"1d83a9bb_a8f284fc","updated":"2025-06-03 14:12:47.000000000","message":"Done","commit_id":"705d88af2d692d1350599960d4c343a6de26e34a"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"afcf6ed9ffcda8e5377e0ba0a56b00a95eebd086","unresolved":true,"context_lines":[{"line_number":302,"context_line":"    check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)"},{"line_number":303,"context_line":"    check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)"},{"line_number":304,"context_line":"    check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB)"},{"line_number":305,"context_line":"    check_symbol_exists(mbedtls_ssl_export_keying_material mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL)"},{"line_number":306,"context_line":"    check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)"},{"line_number":307,"context_line":"endfunction()"},{"line_number":308,"context_line":""}],"source_content_type":"text/x-cmake","patch_set":2,"id":"1d83a9bb_a8f284fc","line":305,"in_reply_to":"48dc00df_b6879caa","updated":"2025-05-23 10:43:24.000000000","message":"I saw your other commit and I think we can stop supporting TLS libraries that do not support export key material now.","commit_id":"705d88af2d692d1350599960d4c343a6de26e34a"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"c33f22e8d87156c49c42c3fce1848a8ea7156687","unresolved":true,"context_lines":[{"line_number":302,"context_line":"    check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)"},{"line_number":303,"context_line":"    check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)"},{"line_number":304,"context_line":"    check_symbol_exists(mbedtls_ssl_set_export_keys_cb mbedtls/ssl.h HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB)"},{"line_number":305,"context_line":"    check_symbol_exists(mbedtls_ssl_export_keying_material mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL)"},{"line_number":306,"context_line":"    check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)"},{"line_number":307,"context_line":"endfunction()"},{"line_number":308,"context_line":""}],"source_content_type":"text/x-cmake","patch_set":2,"id":"48dc00df_b6879caa","line":305,"in_reply_to":"93bf1992_f65e7263","updated":"2025-05-22 13:35:11.000000000","message":"In configure.ac, we need to check if one of the key exporting callbacks exists, or if mbedtls_ssl_export_keying_material() exists, to determine if we should set HAVE_EXPORT_KEYING_MATERIAL. Is it possible to check that a define exists in autoconf?\n\nAlternatively, we could just refuse to compile if there\u0027s no way to export keying material, but I think I would rather do that in a different commit.","commit_id":"705d88af2d692d1350599960d4c343a6de26e34a"}]}