Resending from a month ago: http://lists.infradead.org/pipermail/hostap/2022-September/040794.html Greetings! I am a lighttpd developer who has written TLS modules for lighttpd to support OpenSSL, mbed TLS, GnuTLS, WolfSSL, and NSS TLS libraries. I am in the process of porting hostap to have the option to use mbedtls in support of https://github.com/openwrt/openwrt/issues/10303 My patches are available for wider testing with OpenWRT https://github.com/openwrt/openwrt/pull/10727 development branch: https://github.com/gstrauss/hostap/tree/mbedtls My branch builds with mbedtls 2.27.0 or later, and also with mbedtls 3.x Please note: my effort here is independent from https://www.spinics.net/lists/hostap/msg09799.html Status: My development branch now passes almost all tests/hwsim tests, except for tests/hwsim tests which also fail for openssl, and not including features skipped in the framework. Skipped features include EAP-FAST, EAP-TEAP, DPP2, DPP3, OCSP, TLSv1.3). Running tests/hwsim with mbedtls requires following tests/hwsim/README and modifying wpa_supplicant/.config and hostapd/.config to set CONFIG_TLS=mbedtls and to comment out CONFIG_TLS=openssl, or to override the value on the make command line with 'make CONFIG_TLS=mbedtls ...' My development branch also adds the ability for run-tests to test using different crypto libraries (assuming the crypto libraries are installed) cd tests for crypto_lib in mbedtls openssl gnutls wolfssl internal; do make -j 4 CONFIG_TLS=$crypto_lib clean make -j 4 CONFIG_TLS=$crypto_lib run-tests make -j 4 CONFIG_TLS=$crypto_lib clean done Before I post a patchset containing 7500+ lines changed, please let me know if there is a better way to continue development of these patches and to obtain feedback. (PRs are welcome at https://github.com/gstrauss/hostap to the 'mbedtls' branch) Thank you. Glenn _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap