From a1d5fcfecec8c54b649124beb95cb05e08d4e2d5 Mon Sep 17 00:00:00 2001
From: Jeff Epler
Date: Fri, 13 Nov 2020 14:42:07 -0600
Subject: [PATCH] esp_crt_bundle: Allow verify_callback to correct BADCERT_BAD_MD
---
 components/mbedtls/esp_crt_bundle/esp_crt_bundle.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
index 27b1665571..7788553535 100644
--- a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
+++ b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
@@ -97,7 +97,10 @@ int esp_crt_verify_callback(void *buf, mbedtls_x509_crt *crt, int data, uint32_t
 {
 mbedtls_x509_crt *child = crt;
- if (*flags != MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
+ if (!*flags) {
+ return 0;
+ }
+ if (*flags & ~(MBEDTLS_X509_BADCERT_NOT_TRUSTED | MBEDTLS_X509_BADCERT_BAD_MD)) {
 return 0;
 }
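Review bot: The new mask test lets the callback continue whenever `MBEDTLS_X509_BADCERT_BAD_MD` is set, with or without `MBEDTLS_X509_BADCERT_NOT_TRUSTED`, and nothing in the hunk limits this to a particular position in the chain. BAD_MD reports that the signature on `crt` uses a digest the active profile rejects, so if the code after this hunk clears `*flags` wholesale once the issuer is found in the bundle, a certificate signed with a weak hash directly by a bundled root would be accepted as well. The rest of esp_crt_verify_callback lies outside the hunk, so this needs confirming there. If it holds, clear BAD_MD only when the certificate is itself the bundled anchor, and otherwise drop just the trust bit with `*flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;`. A comment above the mask, such as `/* BAD_MD tolerated here: the digest policy must be enforced below before flags are cleared */`, would record the intent for the next reader.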