From 062a6464ba04bb0bef91265fda1fdc7490113b28 Mon Sep 17 00:00:00 2001
From: Harshit Malpani
Date: Thu, 3 Mar 2022 16:56:23 +0530
Subject: [PATCH] docs: Updated migration guide for esp_https_server API breaking changes
---
 .../en/api-reference/protocols/esp_local_ctrl.rst | 8 ++++----
 docs/en/migration-guides/protocols.rst | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/docs/en/api-reference/protocols/esp_local_ctrl.rst b/docs/en/api-reference/protocols/esp_local_ctrl.rst
index 436c0753fe..cfed730c9a 100644
--- a/docs/en/api-reference/protocols/esp_local_ctrl.rst
+++ b/docs/en/api-reference/protocols/esp_local_ctrl.rst
@@ -54,10 +54,10 @@ Similarly for HTTPS transport:
 httpd_ssl_config_t https_conf = HTTPD_SSL_CONFIG_DEFAULT();
 /* Load server certificate */
- extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
- extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
- https_conf.cacert_pem = cacert_pem_start;
- https_conf.cacert_len = cacert_pem_end - cacert_pem_start;
+ extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
+ extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end");
+ https_conf.servercert = servercert_start;
+ https_conf.servercert_len = servercert_end - servercert_start;
 /* Load server private key */
 extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
diff --git a/docs/en/migration-guides/protocols.rst b/docs/en/migration-guides/protocols.rst
index 1719a05f92..3916fdcb48 100644
--- a/docs/en/migration-guides/protocols.rst
+++ b/docs/en/migration-guides/protocols.rst
@@ -57,3 +57,18 @@ The Diffie-Hellman Key Exchange modes have now been disabled by default due to s
 - ``MBEDTLS_KEY_EXCHANGE_DHE_RSA`` : Support for cipher suites with the prefix ``TLS-DHE-RSA-WITH-``
 .. note:: During the initial step of the handshake (i.e. ``client_hello``), the server selects a cipher from the list that the client publishes. As the DHE_PSK/DHE_RSA ciphers have now been disabled by the above change, the server would fall back to an alternative cipher; if in a rare case, it does not support any other cipher, the handshake would fail. To retrieve the list of ciphers supported by the server, one must attempt to connect with the server with a specific cipher from the client-side. Few utilities can help do this, e.g. ``sslscan``.
+
+
+ESP HTTPS SERVER
+-----------------
+
+Breaking Changes (Summary)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Names of variables holding different certs in :cpp:type:`httpd_ssl_config_t` structure have been updated.
+
+.. list::
+ * :cpp:member:`servercert` variable inherits role of :cpp:member:`cacert_pem` variable.
+ * :cpp:member:`servercert_len` variable inherits role of :cpp:member:`cacert_len` variable
+ * :cpp:member:`cacert_pem` variable inherits role of :cpp:member:`client_verify_cert_pem` variable
+ * :cpp:member:`cacert_len` variable inherits role of :cpp:member:`client_verify_cert_len` variable