feat(mbedtls): new config to allow weak cert verification

Ashish Sharma
2025-03-28 15:46:48 +08:00
committed by Aditya Patwardhan
parent e6ad551c10
commit e1cec0d941
2 changed files with 22 additions and 0 deletions

@@ -1215,4 +1215,11 @@ menu "mbedTLS"
which is added through vfs component for ESP32 based targets or by which is added through vfs component for ESP32 based targets or by
the host system when the target is Linux. the host system when the target is Linux.
config MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
bool "Allow weak certificate verification"
default n
help
This options allows weak certificate verification by skipping the hostname verification.
It is not recommended to use this option.
endmenu # mbedTLS endmenu # mbedTLS
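
Review bot: The help text of `MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION` understates what the option gives up, and the symbol name hides it. The help says the option works "by skipping the hostname verification", which means a client will accept any certificate that chains to a trusted CA regardless of which server it was issued for, so an on-path attacker holding any valid certificate can impersonate the peer. Please state that consequence in the help, fix the typo "This options allows", and consider a name that mentions the hostname check rather than the generic "weak certificate verification". The wording "It is not recommended to use this option" also differs from the "not recommended for production use" in the header comment of the same commit; pick one and say when, if ever, enabling it is acceptable.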

@@ -2084,6 +2084,21 @@
#undef MBEDTLS_ERROR_C #undef MBEDTLS_ERROR_C
#endif #endif
/**
* \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
*
* Caller: library/ssl_tls.c
*
* Allow weak certificate verification without a hostname.
* This option is not recommended for production use.
*/
#if CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
#else
#undef MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
#endif
/** /**
* \def MBEDTLS_GCM_C * \def MBEDTLS_GCM_C
* *
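
Review bot: The guard `#if CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION` tests a Kconfig bool that is `default n`, so in the default build the macro is not defined at all; `#if` on an undefined identifier silently evaluates to 0 and warns under `-Wundef`, so `#ifdef` would state the intent more precisely. The doc comment also describes the option only as "Allow weak certificate verification without a hostname", while the Kconfig help in the same commit describes it as skipping hostname verification. Please make the two descriptions agree and spell out in the comment exactly which check is dropped and under what condition (for example, only when the caller has not set a hostname), so a reader of this header can judge the exposure without opening `library/ssl_tls.c`.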