IDF release/v3.3 (#3339)

* IDF release/v3.3 46b12a560 * fix build * IDF release/v3.3 367c3c09c
2025-07-02 05:20:59 +02:00 · 2020-01-20 22:07:04 +02:00
parent 307b1368dd
commit 1977370e6f
282 changed files with 13004 additions and 4377 deletions
--- a/tools/sdk/include/esp-tls/esp_tls.h
+++ b/tools/sdk/include/esp-tls/esp_tls.h
@ -17,6 +17,7 @@
 #include <stdbool.h>
 #include <sys/socket.h>
 #include <fcntl.h>
+#include "esp_err.h"

 #include "mbedtls/platform.h"
 #include "mbedtls/net_sockets.h"
@ -56,17 +57,20 @@ typedef struct esp_tls_cfg {
                                                 - where the first '2' is the length of the protocol and
                                                 - the subsequent 'h2' is the protocol name */
 
-    const unsigned char *cacert_pem_buf;    /*!< Certificate Authority's certificate in a buffer */
+    const unsigned char *cacert_pem_buf;    /*!< Certificate Authority's certificate in a buffer.
+                                                 This buffer should be NULL terminated */
 
    unsigned int cacert_pem_bytes;          /*!< Size of Certificate Authority certificate
                                                 pointed to by cacert_pem_buf */

-    const unsigned char *clientcert_pem_buf;/*!< Client certificate in a buffer */
+    const unsigned char *clientcert_pem_buf;/*!< Client certificate in a buffer
+                                                 This buffer should be NULL terminated */
 
    unsigned int clientcert_pem_bytes;      /*!< Size of client certificate pointed to by
                                                 clientcert_pem_buf */

-    const unsigned char *clientkey_pem_buf; /*!< Client key in a buffer */
+    const unsigned char *clientkey_pem_buf; /*!< Client key in a buffer
+                                                 This buffer should be NULL terminated */

    unsigned int clientkey_pem_bytes;       /*!< Size of client key pointed to by
                                                 clientkey_pem_buf */
@ -84,6 +88,11 @@ typedef struct esp_tls_cfg {

    bool use_global_ca_store;               /*!< Use a global ca_store for all the connections in which
                                                 this bool is set. */
+
+    const char *common_name;                /*!< If non-NULL, server certificate CN must match this name.
+                                                 If NULL, server certificate CN must match hostname. */
+
+    bool skip_common_name;                  /*!< Skip any validation of server certificate CN field */
 } esp_tls_cfg_t;

 /**
@ -260,10 +269,25 @@ void esp_tls_conn_delete(esp_tls_t *tls);
 size_t esp_tls_get_bytes_avail(esp_tls_t *tls);

 /**
- * @brief      Create a global CA store with the buffer provided in cfg.
+ * @brief      Create a global CA store, initially empty.
 *
- * This function should be called if the application wants to use the same CA store for
- * multiple connections. The application must call this function before calling esp_tls_conn_new().
+ * This function should be called if the application wants to use the same CA store for multiple connections.
+ * This function initialises the global CA store which can be then set by calling esp_tls_set_global_ca_store().
+ * To be effective, this function must be called before any call to esp_tls_set_global_ca_store().
+ *
+ * @return
+ *             - ESP_OK             if creating global CA store was successful.
+ *             - ESP_ERR_NO_MEM     if an error occured when allocating the mbedTLS resources.
+ */
+esp_err_t esp_tls_init_global_ca_store();
+
+/**
+ * @brief      Set the global CA store with the buffer provided in pem format.
+ *
+ * This function should be called if the application wants to set the global CA store for
+ * multiple connections i.e. to add the certificates in the provided buffer to the certificate chain.
+ * This function implicitly calls esp_tls_init_global_ca_store() if it has not already been called.
+ * The application must call this function before calling esp_tls_conn_new().
 *
 * @param[in]  cacert_pem_buf    Buffer which has certificates in pem format. This buffer
 *                               is used for creating a global CA store, which can be used
@ -271,7 +295,7 @@ size_t esp_tls_get_bytes_avail(esp_tls_t *tls);
 * @param[in]  cacert_pem_bytes  Length of the buffer.
 *
 * @return
- *             - ESP_OK  if creating global CA store was successful.
+ *             - ESP_OK  if adding certificates was successful.
 *             - Other   if an error occured or an action must be taken by the calling process.
 */
 esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes);