Fix problems in CI

.github/workflows/test.yaml

@@ -121,13 +121,13 @@ jobs:
         run: brew install mbedtls
       - name: build and run tests (OpenSSL)
         if: matrix.tls_backend == 'openssl'
-        run: cd test && make
+        run: cd test && make PREFIX=$(brew --prefix)
       - name: build and run tests (Mbed TLS)
         if: matrix.tls_backend == 'mbedtls'
-        run: cd test && make test_mbedtls && ./test_mbedtls
+        run: cd test && make test_mbedtls PREFIX=$(brew --prefix) && ./test_mbedtls
       - name: run fuzz test target
         if: matrix.tls_backend == 'openssl'
-        run: cd test && make fuzz_test
+        run: cd test && make fuzz_test PREFIX=$(brew --prefix)
 
   windows:
     runs-on: windows-latest

.github/workflows/test_proxy.yaml

@@ -6,15 +6,28 @@ jobs:
   test-proxy:
     runs-on: ubuntu-latest
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-    
+    strategy:
+      matrix:
+        tls_backend: [openssl, mbedtls]
+    name: proxy (${{ matrix.tls_backend }})
+
     steps:
-    - uses: actions/checkout@v3
-    
-    - name: Install dependencies
+    - uses: actions/checkout@v4
+
+    - name: Install common dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install -y build-essential libssl-dev zlib1g-dev libcurl4-openssl-dev libbrotli-dev libzstd-dev netcat-openbsd
-        
-    - name: Run proxy tests
-      run: |
-        cd test && make proxy
+        sudo apt-get install -y build-essential zlib1g-dev libcurl4-openssl-dev libbrotli-dev libzstd-dev netcat-openbsd
+    - name: Install OpenSSL
+      if: matrix.tls_backend == 'openssl'
+      run: sudo apt-get install -y libssl-dev
+    - name: Install Mbed TLS
+      if: matrix.tls_backend == 'mbedtls'
+      run: sudo apt-get install -y libmbedtls-dev
+
+    - name: Run proxy tests (OpenSSL)
+      if: matrix.tls_backend == 'openssl'
+      run: cd test && make proxy
+    - name: Run proxy tests (Mbed TLS)
+      if: matrix.tls_backend == 'mbedtls'
+      run: cd test && make proxy_mbedtls

.gitignore

@@ -38,6 +38,7 @@ test/server_fuzzer
 test/test_proxy
 test/test_proxy_mbedtls
 test/test_split
+test/test_split_mbedtls
 test/test.xcodeproj/xcuser*
 test/test.xcodeproj/*/xcuser*
 test/*.o

httplib.h

@@ -372,6 +372,7 @@ using socket_t = int;
 #include <mbedtls/net_sockets.h>
 #include <mbedtls/oid.h>
 #include <mbedtls/pk.h>
+#include <mbedtls/sha1.h>
 #include <mbedtls/sha256.h>
 #include <mbedtls/sha512.h>
 #include <mbedtls/ssl.h>
@@ -7414,8 +7415,13 @@ inline std::string SHA_512(const std::string &s) {
 #elif defined(CPPHTTPLIB_MBEDTLS_SUPPORT)
 inline std::string MD5(const std::string &s) {
   unsigned char hash[16];
+#if MBEDTLS_VERSION_MAJOR >= 3
   mbedtls_md5(reinterpret_cast<const unsigned char *>(s.c_str()), s.size(),
               hash);
+#else
+  mbedtls_md5_ret(reinterpret_cast<const unsigned char *>(s.c_str()), s.size(),
+                  hash);
+#endif
 
   std::stringstream ss;
   for (auto i = 0u; i < 16; ++i) {
@@ -7427,8 +7433,13 @@ inline std::string MD5(const std::string &s) {
 
 inline std::string SHA_256(const std::string &s) {
   unsigned char hash[32];
+#if MBEDTLS_VERSION_MAJOR >= 3
   mbedtls_sha256(reinterpret_cast<const unsigned char *>(s.c_str()), s.size(),
                  hash, 0);
+#else
+  mbedtls_sha256_ret(reinterpret_cast<const unsigned char *>(s.c_str()),
+                     s.size(), hash, 0);
+#endif
 
   std::stringstream ss;
   for (auto i = 0u; i < 32; ++i) {
@@ -7440,8 +7451,13 @@ inline std::string SHA_256(const std::string &s) {
 
 inline std::string SHA_512(const std::string &s) {
   unsigned char hash[64];
+#if MBEDTLS_VERSION_MAJOR >= 3
   mbedtls_sha512(reinterpret_cast<const unsigned char *>(s.c_str()), s.size(),
                  hash, 0);
+#else
+  mbedtls_sha512_ret(reinterpret_cast<const unsigned char *>(s.c_str()),
+                     s.size(), hash, 0);
+#endif
 
   std::stringstream ss;
   for (auto i = 0u; i < 64; ++i) {
@@ -13753,24 +13769,49 @@ inline bool hash_raw(HashAlgorithm algo, const void *data, size_t len,
   int ret = 0;
   switch (algo) {
   case HashAlgorithm::MD5:
+#if MBEDTLS_VERSION_MAJOR >= 3
     ret = mbedtls_md5(static_cast<const unsigned char *>(data), len,
                       digest.data());
+#else
+    ret = mbedtls_md5_ret(static_cast<const unsigned char *>(data), len,
+                          digest.data());
+#endif
     break;
   case HashAlgorithm::SHA1:
+#if MBEDTLS_VERSION_MAJOR >= 3
     ret = mbedtls_sha1(static_cast<const unsigned char *>(data), len,
                        digest.data());
+#else
+    ret = mbedtls_sha1_ret(static_cast<const unsigned char *>(data), len,
+                           digest.data());
+#endif
     break;
   case HashAlgorithm::SHA256:
+#if MBEDTLS_VERSION_MAJOR >= 3
     ret = mbedtls_sha256(static_cast<const unsigned char *>(data), len,
                          digest.data(), 0);
+#else
+    ret = mbedtls_sha256_ret(static_cast<const unsigned char *>(data), len,
+                             digest.data(), 0);
+#endif
     break;
   case HashAlgorithm::SHA384:
+#if MBEDTLS_VERSION_MAJOR >= 3
     ret = mbedtls_sha512(static_cast<const unsigned char *>(data), len,
                          digest.data(), 1); // is384 = 1
+#else
+    ret = mbedtls_sha512_ret(static_cast<const unsigned char *>(data), len,
+                             digest.data(), 1); // is384 = 1
+#endif
     break;
   case HashAlgorithm::SHA512:
+#if MBEDTLS_VERSION_MAJOR >= 3
     ret = mbedtls_sha512(static_cast<const unsigned char *>(data), len,
                          digest.data(), 0);
+#else
+    ret = mbedtls_sha512_ret(static_cast<const unsigned char *>(data), len,
+                             digest.data(), 0);
+#endif
     break;
   }
   return ret == 0;
@@ -15187,19 +15228,19 @@ inline std::string tls_verify_error_string(long error_code) {
 
 // ClientConnection destructor (defined here because tls namespace
 // is now available)
-#ifdef CPPHTTPLIB_SSL_ENABLED
 inline ClientConnection::~ClientConnection() {
+#ifdef CPPHTTPLIB_SSL_ENABLED
   if (session) {
     detail::tls::tls_shutdown(session, true);
     detail::tls::tls_free_session(session);
     session = nullptr;
   }
+#endif
   if (sock != INVALID_SOCKET) {
     detail::close_socket(sock);
     sock = INVALID_SOCKET;
   }
 }
-#endif // CPPHTTPLIB_SSL_ENABLED
 
 /*
  * SSL Implementation