[Openvpn-devel,v2] GHA: Update mbedtls to v4

Message ID	20260124181814.30331-1-gert@greenie.muc.de
State	New
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; From: Gert Doering <gert@greenie.muc.de> To: openvpn-devel@lists.sourceforge.net Date: Sat, 24 Jan 2026 19:18:07 +0100 Message-ID: <20260124181814.30331-1-gert@greenie.muc.de> In-Reply-To: <gerrit.1768409585000.I658b1b24da304938225a8f834d7484671a63360f@gerrit.openvpn.net> References: <gerrit.1768409585000.I658b1b24da304938225a8f834d7484671a63360f@gerrit.openvpn.net> MIME-Version: 1.0 preview: From: Frank Lichtenheld <frank@lichtenheld.com> Also switch from Make to CMake for building it because the former is not supported anymore. Change-Id: I658b1b24da304938225a8f834d7484671a63360f Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com> Gerrit URL: https://gerrit.openvpn.net/c/op [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS Subject: [Openvpn-devel] [PATCH v2] GHA: Update mbedtls to v4 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,v2] GHA: Update mbedtls to v4 \| expand [Openvpn-devel,v2] GHA: Update mbedtls to v4

Message ID

20260124181814.30331-1-gert@greenie.muc.de

State

New

Headers

Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 24 Jan 2026 19:18:07 +0100
Message-ID: <20260124181814.30331-1-gert@greenie.muc.de>
In-Reply-To: 
 <gerrit.1768409585000.I658b1b24da304938225a8f834d7484671a63360f@gerrit.openvpn.net>
References: 
 <gerrit.1768409585000.I658b1b24da304938225a8f834d7484671a63360f@gerrit.openvpn.net>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH v2] GHA: Update mbedtls to v4
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,v2] GHA: Update mbedtls to v4 | expand

Commit Message

Gert Doering Jan. 24, 2026, 6:18 p.m. UTC

From: Frank Lichtenheld <frank@lichtenheld.com>

Also switch from Make to CMake for building it
because the former is not supported anymore.

Change-Id: I658b1b24da304938225a8f834d7484671a63360f
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1474
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1474
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Yuriy Darnobyt <yura.uddr@gmail.com>

Comments

Gert Doering Jan. 24, 2026, 10:18 p.m. UTC | #1

Tested via GHA :-) - and lo and behold, it builds mbedtls4 builds, and
those succeed...!  (The mbedtls4 builds replace the "legacy" mbedtls3
builds - we have those in BB)

No actual code change for OpenVPN, just build instructions for GH.

The mbedtls4 builds now do build the test suite as well (our mbedtls3
builds didn't) - not sure if that can be avoided, but it takes quite
a bit of time...

Your patch has been applied to the master branch.

commit c7fbd8a302ac679d2fead0c70dcfff61ce953c47
Author: Frank Lichtenheld
Date:   Sat Jan 24 19:18:07 2026 +0100

     GHA: Update mbedtls to v4

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Yuriy Darnobyt <yura.uddr@gmail.com>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1474
     Message-Id: <20260124181814.30331-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35421.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d1322c7..ef9b3f5 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -366,12 +366,12 @@ 
       - name: make check
         run: make -j3 check VERBOSE=1
 
-  mbedtls3:
+  mbedtls4:
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-22.04]
-        ssllib: [mbedtls3]
+        ssllib: [mbedtls4]
         build: [ normal, asan ]
         include:
           - build: asan
@@ -398,15 +398,19 @@ 
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           path: mbedtls
-          submodules: true
+          submodules: recursive
           # versioning=semver-coerced
           repository: Mbed-TLS/mbedtls
-          ref: v3.6.5
-      - name: "mbedtls: make no_test"
-        run: make -j3 no_test SHARED=1
+          ref: v4.0.0
+      - uses: lukka/get-cmake@2ecc21724e5215b0e567bc399a2602d2ecb48541 # v4.1.1
+      - name: "mbedtls: cmake"
+        run: cmake -B build
         working-directory: mbedtls
-      - name: "mbedtls: make install"
-        run: sudo make install DESTDIR=/usr
+      - name: "mbedtls: cmake --build"
+        run: cmake --build build
+        working-directory: mbedtls
+      - name: "mbedtls: cmake --install"
+        run: sudo cmake --install build --prefix /usr
         working-directory: mbedtls
       - name: Checkout OpenVPN
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

[Openvpn-devel,v2] GHA: Update mbedtls to v4

Commit Message

Comments

Patch