Revert MBedTLS changes

.github/workflows/build.yml

@@ -74,7 +74,7 @@ jobs:
             minos: 7.0
     runs-on: macos-12
     env:
-      MBEDTLS_VERSION: 3.6.0
+      MBEDTLS_VERSION: 3.5.2
       READLINE_VERSION: 8.2
 
     steps:
@@ -98,10 +98,10 @@ jobs:
       - name: Download dependencies (source code)
         run: |
           curl -LOOOOOO \
-            https://github.com/Mbed-TLS/mbedtls/releases/download/v${{ env.MBEDTLS_VERSION }}/mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2 \
+            https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v${{ env.MBEDTLS_VERSION }}.tar.gz \
             https://mirror-hk.koddos.net/gnu/readline/readline-${{ env.READLINE_VERSION }}.tar.gz
 
-          tar -xjf mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2
+          tar -xf v${{ env.MBEDTLS_VERSION }}.tar.gz
           tar -xf readline-${{ env.READLINE_VERSION }}.tar.gz
           git clone --depth=1 https://github.com/libimobiledevice/libplist
           git clone --depth=1 https://github.com/libimobiledevice/libimobiledevice-glue
@@ -176,6 +176,7 @@ jobs:
       - name: Build Mbed TLS
         run: |
           cd mbedtls-${{ env.MBEDTLS_VERSION }}
+          cat ../patches/mbedtls/0001-Allow-empty-x509-cert-issuer.patch | patch -sN -d . -p1
           mkdir build
           cd build
           SDKROOT="${{ env.SDK }}" cmake .. \
@@ -249,7 +250,6 @@ jobs:
       - name: Build libimobiledevice
         run: |
           cd libimobiledevice
-          cat ../patches/libimobiledevice/*.patch | patch -sN -d . -p1
           autoreconf -fiv
           ./configure ${{ env.CONFIGURE_ARGS }} --with-mbedtls --enable-debug
           echo -e 'all:\ninstall:' > tools/Makefile
@@ -477,7 +477,7 @@ jobs:
         - aarch64-linux-musl
     runs-on: ubuntu-latest
     env:
-      MBEDTLS_VERSION: 3.6.0
+      MBEDTLS_VERSION: 3.5.2
       LIBUSB_VERSION: 1.0.27
       READLINE_VERSION: 8.2
       GPM_VERSION: 1.20.7
@@ -548,13 +548,13 @@ jobs:
 
       - name: Download dependencies (source code)
         run: |
-          curl -LOOOO \
+          curl -LOOOOOOO \
-            https://github.com/Mbed-TLS/mbedtls/releases/download/v${{ env.MBEDTLS_VERSION }}/mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2 \
+            https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v${{ env.MBEDTLS_VERSION }}.tar.gz \
             https://github.com/libusb/libusb/releases/download/v${{ env.LIBUSB_VERSION }}/libusb-${{ env.LIBUSB_VERSION }}.tar.bz2 \
             https://mirror-hk.koddos.net/gnu/readline/readline-${{ env.READLINE_VERSION }}.tar.gz \
             https://github.com/telmich/gpm/archive/refs/tags/${{ env.GPM_VERSION }}.tar.gz
 
-          tar -xjf mbedtls-${{ env.MBEDTLS_VERSION }}.tar.bz2
+          tar -xf v${{ env.MBEDTLS_VERSION }}.tar.gz
           tar -xjf libusb-${{ env.LIBUSB_VERSION }}.tar.bz2
           tar -xf readline-${{ env.READLINE_VERSION }}.tar.gz
           tar -xf ${{ env.GPM_VERSION }}.tar.gz
@@ -568,6 +568,7 @@ jobs:
       - name: Build Mbed TLS
         run: |
           cd mbedtls-${{ env.MBEDTLS_VERSION }}
+          cat ../patches/mbedtls/0001-Allow-empty-x509-cert-issuer.patch | patch -sN -d . -p1
           mkdir build
           if [ "${{ matrix.triple }}" = "i486-linux-musl" ]; then sed -i '/define MBEDTLS_AESNI_C/d' include/mbedtls/mbedtls_config.h; fi
           cd build
@@ -658,7 +659,6 @@ jobs:
       - name: Build libimobiledevice
         run: |
           cd libimobiledevice
-          cat ../patches/libimobiledevice/*.patch | patch -sN -d . -p1
           autoreconf -fiv
           ./configure ${{ env.CONFIGURE_ARGS }} --with-mbedtls --enable-debug
           echo -e 'all:\ninstall:' > tools/Makefile

patches/libimobiledevice/0001-set-subject-issuer-name.patch

@@ -1,36 +0,0 @@
-diff -urN a/common/userpref.c b/common/userpref.c
---- a/common/userpref.c	2024-05-26 14:30:03
-+++ b/common/userpref.c	2024-05-26 14:34:24
-@@ -870,6 +870,10 @@
- 	/* set key validity */
- 	mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
- 
-+	/* set subject and issuer name */
-+	mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
-+	mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
-+
- 	/* sign root cert with root private key */
- 	mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
- 	mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
-@@ -929,6 +933,10 @@
- 	/* set key validity */
- 	mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
- 
-+	/* set subject and issuer name */
-+	mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
-+	mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
-+
- 	/* sign host cert with root private key */
- 	mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
- 	mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
-@@ -988,6 +996,10 @@
- 
- 	/* set key validity */
- 	mbedtls_x509write_crt_set_validity(&cert, notbefore, notafter);
-+
-+	/* set subject and issuer name */
-+	mbedtls_x509write_crt_set_subject_name(&cert, (const char *)"CN=in.palera.cli.subject,O=palera1n CLI Subject,C=TW");
-+	mbedtls_x509write_crt_set_issuer_name(&cert, (const char *)"CN=in.palera.cli.issuer,O=palera1n CLI Issuer,C=TW");
- 
- 	/* sign device certificate with root private key */
- 	mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);

patches/mbedtls/0001-Allow-empty-x509-cert-issuer.patch

@@ -0,0 +1,34 @@
+From a2d012f3ba459f6debe636b576ad9aeab7b3c2aa Mon Sep 17 00:00:00 2001
+From: Nick Chan <towinchenmi@gmail.com>
+Date: Sat, 27 May 2023 23:50:23 +0800
+Subject: [PATCH] Allow empty x509 cert issuer
+
+---
+ library/x509_crt.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/library/x509_crt.c b/library/x509_crt.c
+index cf62532f2..ef25b3d77 100644
+--- a/library/x509_crt.c
++++ b/library/x509_crt.c
+@@ -1061,13 +1061,13 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
+ 
+     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+-        mbedtls_x509_crt_free(crt);
+-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
++        /*mbedtls_x509_crt_free(crt);
++        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);*/
+     }
+ 
+     if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
+-        mbedtls_x509_crt_free(crt);
+-        return ret;
++        /*mbedtls_x509_crt_free(crt);
++        return ret;*/
+     }
+ 
+     crt->issuer_raw.len = p - crt->issuer_raw.p;
+-- 
+2.39.1
+