[mbedtls] update to 3.2.1

[xavier2k6]

Library name: mbedtls

New version number: 3.2.1

Other information that may be useful (release notes, etc...)
https://github.com/Mbed-TLS/mbedtls/releases
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/advisories/mbedtls-security-advisory-2022-07.md

[ekilmer]

This has been attempted in the past #20860 and I'm also trying to update it for a new port #22957 but found that there are ports that are not compatible with the new v3 changes and so it won't be accepted until all ports are compatible with v3.

Mbed-TLS also has a v2.28 LTS branch, which means the dependent ports likely won't upgrade until v2 is retired. You can read more about Mbed-TLS releases here https://github.com/Mbed-TLS/mbedtls/blob/development/BRANCHES.md#maintained-branches

[github-actions]

This is an automated message. Per our repo policy, stale issues get closed if there has been no activity in the past 180 days. The issue will be automatically closed in 14 days. If you wish to keep this issue open, please add a new comment.

[EvanBalster]

It would be useful if there were an mbedtls3 feature or a separate package that could be installed. For the moment I'm having to clone, build and install the library by hand for my applications to avoid a lot of trouble related to version 2's lack of a CMake install configuration.

[github-actions]

This is an automated message. Per our repo policy, stale issues get closed if there has been no activity in the past 180 days. The issue will be automatically closed in 14 days. If you wish to keep this issue open, please add a new comment.

[JonLiu1993]

Currently, the mbedtls update in vcpkg continues the mbedtls-2.28 branch. The update required by the issue needs to switch to the mbedtls-3.6 branch. However, some ports that depend on mbedtls are not compatible with the mbedtls-3.6 branch, so it is temporarily impossible to update to the mbedtls-3.6 branch, so this issue is temporarily closed.

[dg0yt]

@JonLiu1993 I really cannot understand the priorities and procedures of your crew. In particular when it comes to software which fundamental to security.

There are exactly two blocking ports, according to #40011 results: openvpn3 and oatpp-mbedtls.

• openvpn3 was outdated and insane, but I there is already [openvpn3] Update, adapt upstream build, cleanup, test #40677 now (started a few days ago). That PR retains the use of mbedtls, but upstream normally use openssl by default.
• If oatpp-mbedtls can't be updated, it can be skipped in CI.

So there is no acceptable reason to delay the update of mbedts.

[JonLiu1993]

@JonLiu1993 I really cannot understand the priorities and procedures of your crew. In particular when it comes to software which fundamental to security.

There are exactly two blocking ports, according to #40011 results: openvpn3 and oatpp-mbedtls.

• openvpn3 was outdated and insane, but I there is already [openvpn3] Update, adapt upstream build, cleanup, test #40677 now (started a few days ago). That PR retains the use of mbedtls, but upstream normally use openssl by default.
• If oatpp-mbedtls can't be updated, it can be skipped in CI.

So there is no acceptable reason to delay the update of mbedts.

Sorry I didn't notice your PR and @talregev's, because I tried to update this port several times, but failed, and now it is always updated on mbedtls_2.8 branch so I closed it. I reopened it.