espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-30 02:37:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feat/update_mbedtls_3.6.3_v5.2' into 'release/v5.2'

Browse Source 
feat(component/mbedtls): update to upstream v3.6.3 (v5.2)

See merge request espressif/esp-idf!38180
This commit is contained in:
Mahavir Jain
2025-04-16 11:14:19 +08:00
parent cf740a14cc e1cec0d941
commit 046c0b5bcd
6 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/esp-tls/esp_tls_mbedtls.c
View File

@ -706,6 +706,8 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
return ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED;
}
free(use_host);
} else {
mbedtls_ssl_set_hostname(&tls->ssl, NULL);
}
if ((ret = mbedtls_ssl_config_defaults(&tls->conf,

7
components/mbedtls/Kconfig
View File

@ -1215,4 +1215,11 @@ menu "mbedTLS"
which is added through vfs component for ESP32 based targets or by
the host system when the target is Linux.
config MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
bool "Allow weak certificate verification"
default n
help
This options allows weak certificate verification by skipping the hostname verification.
It is not recommended to use this option.
endmenu # mbedTLS

2
components/mbedtls/mbedtls

Submodule components/mbedtls/mbedtls updated: 98fcfd6d2c...601990b1d8

15
components/mbedtls/port/include/mbedtls/esp_config.h
View File

@ -2084,6 +2084,21 @@
#undef MBEDTLS_ERROR_C
#endif
/**
* \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
*
* Caller: library/ssl_tls.c
*
* Allow weak certificate verification without a hostname.
* This option is not recommended for production use.
*/
#if CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
#else
#undef MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
#endif
/**
* \def MBEDTLS_GCM_C
*

2
docs/en/api-reference/protocols/mbedtls.rst
View File

@ -118,5 +118,5 @@ Reducing Binary Size
Under ``Component Config -> mbedTLS``, there are multiple Mbed TLS features which are enabled by default but can be disabled if not needed to save code size. More information can be about this can be found in :ref:`Minimizing Binary Size <minimizing_binary_mbedtls>` docs.
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.2/
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.3/
.. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/

2
docs/zh_CN/api-reference/protocols/mbedtls.rst
View File

@ -118,5 +118,5 @@ ESP-IDF 中的示例使用 :doc:`/api-reference/protocols/esp_tls`,为访问
``Component Config -> mbedTLS`` 中,有多个 Mbed TLS 功能默认为启用状态。如果不需要这些功能,可将其禁用以减小固件大小。要了解更多信息,请参考 :ref:`Minimizing Binary Size <minimizing_binary_mbedtls>` 文档。
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.2/
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.3/
.. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/