espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-05 13:44:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

CA Certificate verification

Browse Source
This commit is contained in:
Jitin George
2018-02-12 23:38:51 +05:30
parent 8211a16207
commit 8a1dcc0765
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
components/esp-tls/esp-tls.c
View File

@@ -117,6 +117,27 @@ static int create_ssl_handle(struct esp_tls *tls, const char *hostname, size_t h
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif #endif
if (cfg->cacert_pem_buf != NULL) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
BIO *bio;
bio = BIO_new(BIO_s_mem());
BIO_write(bio, cfg->cacert_pem_buf, cfg->cacert_pem_bytes);
X509 *ca = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (!ca) {
ESP_LOGE(TAG, "CA Error\n");
}
ESP_LOGD(TAG, "CA OK\n");
X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx), ca);
X509_free(ca);
BIO_free(bio);
}
if (cfg->alpn_protos) { if (cfg->alpn_protos) {
SSL_CTX_set_alpn_protos(ssl_ctx, cfg->alpn_protos, strlen((char *)cfg->alpn_protos)); SSL_CTX_set_alpn_protos(ssl_ctx, cfg->alpn_protos, strlen((char *)cfg->alpn_protos));
} }

2
components/esp-tls/esp-tls.h
View File

@@ -19,6 +19,8 @@ struct esp_tls_cfg {
* - the subsequent 'h2' is the protocol name * - the subsequent 'h2' is the protocol name
*/ */
const unsigned char *alpn_protos; const unsigned char *alpn_protos;
const unsigned char *cacert_pem_buf;
const unsigned int cacert_pem_bytes;
}; };
struct esp_tls { struct esp_tls {