espressif/esp-protocols
1
0
Fork 1
mirror of https://github.com/espressif/esp-protocols.git synced 2026-05-05 04:14:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(asio): Add mbedtls specific APIs to use TLS stack specific features

Browse Source 
Use mbedtls specific API to configure hostname for verification
This commit is contained in:
David Cermak
2025-04-07 13:33:15 +02:00
parent 4885d28294
commit ad94cc9502
4 changed files with 62 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/asio/examples/ssl_client_server/main/asio_ssl_main.cpp
+8
View File
@@ -17,6 +17,8 @@
#include "asio/ssl.hpp"
#include "asio/buffer.hpp"
#include "esp_pthread.h"
// allows for direct access to mbedtls specifics
#include "asio/ssl/mbedtls_specific.hpp"
extern const unsigned char server_pem_start[] asm("_binary_srv_crt_start");
extern const unsigned char server_pem_end[] asm("_binary_srv_crt_end");
@@ -217,6 +219,7 @@ void ssl_server_thread()
io_context.run();
}
void ssl_client_thread()
{
asio::io_context io_context;
@@ -229,6 +232,11 @@ void ssl_client_thread()
asio::ssl::context ctx(asio::ssl::context::tls_client);
#if CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
ctx.add_certificate_authority(cert_chain);
// mbedtls (from 3.6.3) requires hostname to be set when performing TLS handshake with verify-peer option
// asio::ssl allows for name verification using verification callback, i.e. socket_.set_verify_callback(asio::ssl::host_name_verification()),
// - which is not supported in Espressif ASIO port yet.
// Therefore we provide a way to directly use mbedtls API and here we just configure the expected hostname to verify
asio::ssl::mbedtls::set_hostname(ctx.native_handle(), server_ip);
#endif // CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
Client c(io_context, ctx, endpoints);