Merge branch 'feature/external_github_prs' into 'master'

Include external github PRs

Closes IDFGH-2291, IDFGH-2306, IDFGH-2315, and IDFGH-2307

See merge request espressif/esp-idf!6931

components/esp_http_client/esp_http_client.c

@@ -300,12 +300,10 @@ esp_err_t esp_http_client_set_username(esp_http_client_handle_t client, const ch
         ESP_LOGE(TAG, "client must not be NULL");
         return ESP_ERR_INVALID_ARG;
     }
-    if (username == NULL && client->connection_info.username != NULL) {
+    if (client->connection_info.username != NULL) {
         free(client->connection_info.username);
-        client->connection_info.username = NULL;
-    } else if (username != NULL) {
-        client->connection_info.username = strdup(username);
     }
+    client->connection_info.username = username ? strdup(username) : NULL;
     return ESP_OK;
 }
 
@@ -325,13 +323,21 @@ esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *pa
         ESP_LOGE(TAG, "client must not be NULL");
         return ESP_ERR_INVALID_ARG;
     }
-    if (password == NULL && client->connection_info.password != NULL) {
+    if (client->connection_info.password != NULL) {
         memset(client->connection_info.password, 0, strlen(client->connection_info.password));
         free(client->connection_info.password);
-        client->connection_info.password = NULL;
-    } else if (password != NULL) {
-        client->connection_info.password = strdup(password);
     }
+    client->connection_info.password = password ? strdup(password) : NULL;
+    return ESP_OK;
+}
+
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type)
+{
+    if (client == NULL) {
+        ESP_LOGE(TAG, "client must not be NULL");
+        return ESP_ERR_INVALID_ARG;
+    }
+    client->connection_info.auth_type = auth_type;
     return ESP_OK;
 }
 
@@ -657,6 +663,7 @@ static esp_err_t esp_http_check_response(esp_http_client_handle_t client)
     switch (client->response->status_code) {
         case HttpStatus_MovedPermanently:
         case HttpStatus_Found:
+        case HttpStatus_TemporaryRedirect:
             esp_http_client_set_redirection(client);
             client->redirect_counter ++;
             client->process_again = 1;

components/esp_http_client/include/esp_http_client.h

@@ -131,6 +131,7 @@ typedef enum {
     /* 3xx - Redirection */
     HttpStatus_MovedPermanently  = 301,
     HttpStatus_Found             = 302,
+    HttpStatus_TemporaryRedirect = 307,
 
     /* 4xx - Client Error */
     HttpStatus_Unauthorized      = 401
@@ -306,6 +307,18 @@ esp_err_t esp_http_client_get_password(esp_http_client_handle_t client, char **v
  */
 esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *password);
 
+/**
+ * @brief      Set http request auth_type.
+ *
+ * @param[in]  client    The esp_http_client handle
+ * @param[in]  auth_type The esp_http_client auth type
+ *
+ * @return
+ *     - ESP_OK
+ *     - ESP_ERR_INVALID_ARG
+ */
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type);
+
 /**
  * @brief      Set http request method
  *

components/esp_https_ota/src/esp_https_ota.c

@@ -47,6 +47,7 @@ static bool process_again(int status_code)
     switch (status_code) {
         case HttpStatus_MovedPermanently:
         case HttpStatus_Found:
+        case HttpStatus_TemporaryRedirect:
         case HttpStatus_Unauthorized:
             return true;
         default:
@@ -58,7 +59,7 @@ static bool process_again(int status_code)
 static esp_err_t _http_handle_response_code(esp_http_client_handle_t http_client, int status_code)
 {
     esp_err_t err;
-    if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found) {
+    if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found || status_code == HttpStatus_TemporaryRedirect) {
         err = esp_http_client_set_redirection(http_client);
         if (err != ESP_OK) {
             ESP_LOGE(TAG, "URL redirection Failed");

components/freertos/test/test_freertos_mutex.c

@@ -12,7 +12,7 @@ static void mutex_release_task(void* arg)
     TEST_FAIL_MESSAGE("should not be reached");
 }
 
-TEST_CASE("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
+TEST_CASE_ESP32("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
 {
     SemaphoreHandle_t mutex = xSemaphoreCreateMutex();
     xSemaphoreTake(mutex, portMAX_DELAY);

components/freertos/test/test_task_suspend_resume.c

@@ -124,7 +124,6 @@ void IRAM_ATTR timer_group0_isr(void *vp_arg)
 {
     // Clear interrupt
     timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_0);
-    timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_1);
 
     timer_isr_fired = true;
     TaskHandle_t handle = vp_arg;
@@ -170,6 +169,7 @@ static void test_resume_task_from_isr(int target_core)
 
     vTaskDelay(1);
 
+    timer_deinit(TIMER_GROUP_0, TIMER_0);
     TEST_ASSERT_TRUE(timer_isr_fired);
     TEST_ASSERT_TRUE(resumed);
 }

components/freertos/test/test_thread_local.c

@@ -86,7 +86,7 @@ static void task_test_tls(void *arg)
     }
 }
 
-TEST_CASE("TLS test", "[freertos]")
+TEST_CASE_ESP32("TLS test", "[freertos]")
 {
     const size_t stack_size = 3072;
     StackType_t s_stack[stack_size]; /* with 8KB test task stack (default) this test still has ~3KB headroom */

components/lwip/port/esp32/include/arpa/inet.h

@@ -15,6 +15,6 @@
 #ifndef INET_H_
 #define INET_H_
 
-#include "../../../lwip/src/include/lwip/inet.h"
+#include "lwip/inet.h"
 
 #endif /* INET_H_ */

components/mbedtls/Kconfig

@@ -601,4 +601,16 @@ menu "mbedTLS"
 
             # end of Elliptic Curve options
 
+    menuconfig MBEDTLS_SECURITY_RISKS
+        bool "Show configurations with potential security risks"
+        default n
+
+    config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+        bool "X.509 CRT parsing with unsupported critical extensions"
+        depends on MBEDTLS_SECURITY_RISKS
+        default n
+        help
+            Allow the X.509 certificate parser to load certificates
+            with unsupported critical extensions
+
 endmenu  # mbedTLS

components/mbedtls/port/include/mbedtls/esp_config.h

@@ -2214,6 +2214,25 @@
  */
 #define MBEDTLS_X509_CRT_WRITE_C
 
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+  * Alow the X509 parser to not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Module:  library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This module is supports loading of certificates with extensions that
+ * may not be supported by mbedtls.
+ */
+#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#else
+#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+
 /**
  * \def MBEDTLS_X509_CSR_WRITE_C
  *