Enhance Mbed TLS support and add guidance documentation

2026-01-19 04:52:08 +00:00 · 2026-01-13 21:26:46 -05:00
parent 57ae35db5f
commit 47660e73d8
2 changed files with 27 additions and 0 deletions
--- a/httplib.h
+++ b/httplib.h
@@ -365,6 +365,12 @@ using socket_t = int;
 #endif // CPPHTTPLIB_OPENSSL_SUPPORT

 #ifdef CPPHTTPLIB_MBEDTLS_SUPPORT
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_MAJOR >= 3
+#include <mbedtls/build_info.h>
+#else
+#include <mbedtls/config.h>
+#endif
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/error.h>
@@ -377,6 +383,12 @@ using socket_t = int;
 #include <mbedtls/sha512.h>
 #include <mbedtls/ssl.h>
 #include <mbedtls/x509_crt.h>
+
+// Define macro for encrypted private key support
+// PKCS#8 encrypted keys require MBEDTLS_PKCS5_C
+#if defined(MBEDTLS_PKCS5_C)
+#define CPPHTTPLIB_MBEDTLS_ENCRYPTED_KEY_SUPPORT
+#endif
 #ifdef _WIN32
 #include <wincrypt.h>
 #ifdef _MSC_VER
--- a/test/test.cc
+++ b/test/test.cc
@@ -2530,6 +2530,11 @@ TEST(BindServerTest, BindAndListenSeparatelySSL) {

 #ifdef CPPHTTPLIB_SSL_ENABLED
 TEST(BindServerTest, BindAndListenSeparatelySSLEncryptedKey) {
+  // Skip if Mbed TLS without PKCS5 support (required for encrypted keys)
+#if defined(CPPHTTPLIB_MBEDTLS_SUPPORT) &&                                     \
+    !defined(CPPHTTPLIB_MBEDTLS_ENCRYPTED_KEY_SUPPORT)
+  GTEST_SKIP() << "Mbed TLS PKCS5 support not available";
+#endif
  SSLServer svr(SERVER_ENCRYPTED_CERT_FILE, SERVER_ENCRYPTED_PRIVATE_KEY_FILE,
                nullptr, nullptr, SERVER_ENCRYPTED_PRIVATE_KEY_PASS);
  int port = svr.bind_to_any_port("0.0.0.0");
@@ -8827,6 +8832,11 @@ TEST(SSLClientServerTest, ClientCertPresent) {
 }

 TEST(SSLClientServerTest, ClientEncryptedCertPresent) {
+  // Skip if Mbed TLS without PKCS5 support (required for encrypted keys)
+#if defined(CPPHTTPLIB_MBEDTLS_SUPPORT) &&                                     \
+    !defined(CPPHTTPLIB_MBEDTLS_ENCRYPTED_KEY_SUPPORT)
+  GTEST_SKIP() << "Mbed TLS PKCS5 support not available";
+#endif
  ClientCertPresent(CLIENT_ENCRYPTED_CERT_FILE,
                    CLIENT_ENCRYPTED_PRIVATE_KEY_FILE,
                    CLIENT_ENCRYPTED_PRIVATE_KEY_PASS);
@@ -8897,6 +8907,11 @@ TEST(SSLClientServerTest, PemMemoryClientCertPresent) {
 }

 TEST(SSLClientServerTest, PemMemoryClientEncryptedCertPresent) {
+  // Skip if Mbed TLS without PKCS5 support (required for encrypted keys)
+#if defined(CPPHTTPLIB_MBEDTLS_SUPPORT) &&                                     \
+    !defined(CPPHTTPLIB_MBEDTLS_ENCRYPTED_KEY_SUPPORT)
+  GTEST_SKIP() << "Mbed TLS PKCS5 support not available";
+#endif
  PemMemoryClientCertPresent(CLIENT_ENCRYPTED_CERT_FILE,
                             CLIENT_ENCRYPTED_PRIVATE_KEY_FILE,
                             CLIENT_ENCRYPTED_PRIVATE_KEY_PASS);