From d81c79d79ff3af59c26fc1bb091b6ef9cce61b48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20Kal=C3=B8r?= <anders@kaloer.com>
Date: Sat, 10 Nov 2018 23:51:05 +0100
Subject: [PATCH] esp_http_client: Add support for mutual authentication

Closes https://github.com/espressif/esp-idf/pull/2688
Closes https://github.com/espressif/esp-idf/issues/3438
---
 components/esp_http_client/esp_http_client.c         | 8 ++++++++
 components/esp_http_client/include/esp_http_client.h | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 9dcd3f20e2..f7886bf469 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -495,6 +495,14 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
     } else if (config->cert_pem) {
         esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
     }
+
+    if (config->client_cert_pem) {
+        esp_transport_ssl_set_client_cert_data(ssl, config->client_cert_pem, strlen(config->client_cert_pem));
+    }
+
+    if (config->client_key_pem) {
+        esp_transport_ssl_set_client_key_data(ssl, config->client_key_pem, strlen(config->client_key_pem));
+    }
 #endif
 
     if (_set_config(client, config) != ESP_OK) {
diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
index 0929e4d755..18b68b8833 100644
--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
@@ -105,7 +105,9 @@ typedef struct {
     esp_http_client_auth_type_t auth_type;           /*!< Http authentication type, see `esp_http_client_auth_type_t` */
     const char                  *path;               /*!< HTTP Path, if not set, default is `/` */
     const char                  *query;              /*!< HTTP query */
-    const char                  *cert_pem;           /*!< SSL Certification, PEM format as string, if the client requires to verify server */
+    const char                  *cert_pem;           /*!< SSL server certification, PEM format as string, if the client requires to verify server */
+    const char                  *client_cert_pem;    /*!< SSL client certification, PEM format as string, if the server requires to verify client */
+    const char                  *client_key_pem;     /*!< SSL client key, PEM format as string, if the server requires to verify client */
     esp_http_client_method_t    method;                   /*!< HTTP Method */
     int                         timeout_ms;               /*!< Network timeout in milliseconds */
     bool                        disable_auto_redirect;    /*!< Disable HTTP automatic redirects */