Build fails because of missing `library/base64.c` when using Mbed TLS 4.x — Is support planned?

[TheophileDiot]

Hello ModSecurity team,

First of all, thank you for your excellent work on ModSecurity (v3 / libmodsecurity) — it’s a great WAF library.

I attempted to build ModSecurity v3 against the latest Mbed TLS release (4.0.0), but the build fails right at the ./configure step. The error message is as follows:

# Check for Mbed TLS
if ! test -f "${srcdir}/others/mbedtls/library/base64.c"; then
  AC_MSG_ERROR([
    Mbed TLS was not found within ModSecurity source directory.
    …
  ])
fi

The root cause appears to be the removal or relocation of library/base64.c (and possibly other files) in Mbed TLS 4.x, so the check in ModSecurity’s build system which expects that file fails.

According to the Mbed TLS 4.0.0 release notes, there are “significant API changes that break backward compatibility”.

---

Questions

1. Is support for Mbed TLS 4.x planned in ModSecurity v3?

2. If yes:

   • Is there a rough timeline, release version, or roadmap entry for that?
   • Are there existing branches or PRs to track for this work?

3. If no or not yet:

   • Would the maintainers accept a community contribution / PR to enable building with Mbed TLS 4.x (including updating the configure script check and necessary code changes)?
   • Could documentation be updated to state clearly which Mbed TLS versions are supported (e.g., “Up to Mbed TLS 3.x only”)?

---

Thank you very much for your time and the continued maintenance of ModSecurity.
Best regards,

[airween]

Hi @TheophileDiot,

I attempted to build ModSecurity v3 against the latest Mbed TLS release (4.0.0), but the build fails right at the ./configure step. The error message is as follows:

Did you follow the instructions and ran git ... --recurse?

MbedTLS is a submodule of the library.

# Check for Mbed TLS
if ! test -f "${srcdir}/others/mbedtls/library/base64.c"; then
  AC_MSG_ERROR([
    Mbed TLS was not found within ModSecurity source directory.
    …
  ])
fi

first, please check this (if you didn't do that)

According to the Mbed TLS 4.0.0 release notes, there are “significant API changes that break backward compatibility”.

Questions

that could be the other problem.

1. **Is support for Mbed TLS 4.x planned** in ModSecurity v3?

2. If yes:

I haven't checked yet, but my expectation is if someone clones the repository, then git fetches the newest MbedTLS library, and because nobody reported a bug (this is the first issue) may be you just need to fetch the source as a sub-module.

   * Is there a rough timeline, release version, or roadmap entry for that?

as I wrote this is the first report, so we haven't planned yet

   * Are there existing branches or PRs to track for this work?

please try the sub-module and report if it works (or not)

3. If no or not yet:
   
   * Would the maintainers accept a community contribution / PR to enable building with Mbed TLS 4.x (including updating the configure script check and necessary code changes)?

yes, please see pulls for the repository.

   * Could documentation be updated to state clearly which Mbed TLS versions are supported (e.g., “Up to Mbed TLS 3.x only”)?

I can check that later, but yes, someone will do that.

[TheophileDiot]

Hey @airween,

Thanks a lot for the quick reply! I usually clone Mbed TLS separately and move the folder into the right directory before building ModSecurity, so that’s why I ran into that check. The submodule works fine though — I tested it and it builds without any issues (also confirmed with v3.6.5).

I was mostly just curious about possible support for Mbed TLS 4.x, no rush at all. I’ll keep an eye out for any updates or future PRs around that.

Appreciate your time and the quick response!