Resend: hostap option to use mbedtls

gs-lists-hostap at gs-lists-hostap at
Sun Oct 16 06:31:28 PDT 2022

Resending from a month ago:


I am a lighttpd developer who has written TLS modules for lighttpd
to support OpenSSL, mbed TLS, GnuTLS, WolfSSL, and NSS TLS libraries.

I am in the process of porting hostap to have the option to use mbedtls
in support of
My patches are available for wider testing with OpenWRT

development branch:

My branch builds with mbedtls 2.27.0 or later, and also with mbedtls 3.x

Please note: my effort here is independent from

Status: My development branch now passes almost all tests/hwsim tests,
except for tests/hwsim tests which also fail for openssl, and not
including features skipped in the framework.  Skipped features include

Running tests/hwsim with mbedtls requires following tests/hwsim/README
and modifying wpa_supplicant/.config and hostapd/.config to set
CONFIG_TLS=mbedtls and to comment out CONFIG_TLS=openssl, or to override
the value on the make command line with 'make CONFIG_TLS=mbedtls ...'

My development branch also adds the ability for run-tests to test using
different crypto libraries (assuming the crypto libraries are installed)
  cd tests
  for crypto_lib in mbedtls openssl gnutls wolfssl internal; do
    make -j 4 CONFIG_TLS=$crypto_lib clean
    make -j 4 CONFIG_TLS=$crypto_lib run-tests
    make -j 4 CONFIG_TLS=$crypto_lib clean

Before I post a patchset containing 7500+ lines changed, please let me
know if there is a better way to continue development of these patches
and to obtain feedback.  (PRs are welcome at to the 'mbedtls' branch)

Thank you.  Glenn

More information about the Hostap mailing list