ustream-mbedtls: Add compatibility with Mbed TLS 3.0.0

This adds support for compiling the code against Mbed TLS 3.0.0.
It still compiles against Mbed TLS 2.28.

The following changes were needed:
 * DES and 3DES was removed
 * mbedtls_pk_context->pk_info is private, use mbedtls_pk_get_type()
   to check if it was initialized
 * mbedtls_pk_parse_keyfile() now gets a random callback
 * mbedtls/certs.h contains test data and is not installed any more and
   not needed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

ustream-mbedtls.c

@@ -110,9 +110,15 @@ static const int default_ciphersuites_client[] =
 	AES_CBC_CIPHERS(ECDHE_ECDSA),
 	AES_CBC_CIPHERS(ECDHE_RSA),
 	AES_CBC_CIPHERS(DHE_RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 	MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
 	AES_CIPHERS(RSA),
+/* Removed in Mbed TLS 3.0.0 */
+#ifdef MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 	MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
 	0
 };
 
@@ -171,7 +177,7 @@ static void ustream_ssl_update_own_cert(struct ustream_ssl_ctx *ctx)
 	if (!ctx->cert.version)
 		return;
 
-	if (!ctx->key.pk_info)
+	if (mbedtls_pk_get_type(&ctx->key) == MBEDTLS_PK_NONE)
 		return;
 
 	mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
@@ -206,7 +212,11 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
 {
 	int ret;
 
+#if (MBEDTLS_VERSION_NUMBER >= 0x03000000)
+	ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL, _random, NULL);
+#else
 	ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
+#endif
 	if (ret)
 		return -1;
 

ustream-mbedtls.h

@@ -21,7 +21,6 @@
 
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/ssl.h>
-#include <mbedtls/certs.h>
 #include <mbedtls/x509.h>
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>