asio: option to use wolfSSL as TLS stack for ASIO

Plus other minor update, make openssl aware of current modes (SSL_set_mode) Update coding style in examples and tests, including copyright notices * Original commit: espressif/esp-idf@1c8171c3e8
2025-07-17 12:32:14 +02:00 · 2020-06-05 17:17:55 +02:00
parent c0c1a65598
commit c05558ba28
24 changed files with 305 additions and 105 deletions
--- a/components/asio/CMakeLists.txt
+++ b/components/asio/CMakeLists.txt
@ -1,5 +1,33 @@
-idf_component_register(SRCS "asio/asio/src/asio.cpp"
+set(asio_sources "asio/asio/src/asio.cpp")
-                            "asio/asio/src/asio_ssl.cpp"
+
-                            "port/src/esp_asio_openssl_stubs.c"
+if (CONFIG_ASIO_SSL_SUPPORT)
    if(CONFIG_ASIO_USE_ESP_OPENSSL)
        list(APPEND asio_sources
                "asio/asio/src/asio_ssl.cpp"
                "port/src/esp_asio_openssl_stubs.c")
    endif()
    if(CONFIG_ASIO_USE_ESP_WOLFSSL)
        list(APPEND asio_sources
                "asio/asio/src/asio_ssl.cpp")
    endif()
 endif()
 idf_component_register(SRCS ${asio_sources}
                    INCLUDE_DIRS "asio/asio/include" "port/include"
-                    REQUIRES lwip openssl)
+                    REQUIRES lwip)
 if (CONFIG_ASIO_SSL_SUPPORT)
    if(CONFIG_ASIO_USE_ESP_WOLFSSL)
        idf_component_get_property(wolflib esp-wolfssl COMPONENT_LIB)
        idf_component_get_property(wolfdir esp-wolfssl COMPONENT_DIR)
        target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolflib})
        target_include_directories(${COMPONENT_LIB} PUBLIC ${wolfdir}/wolfssl/wolfssl)
    endif()
    if(CONFIG_ASIO_USE_ESP_OPENSSL)
        idf_component_get_property(esp_openssl openssl COMPONENT_LIB)
        target_link_libraries(${COMPONENT_LIB} PUBLIC ${esp_openssl})
    endif()
 endif()
--- a/components/asio/Kconfig
+++ b/components/asio/Kconfig
@ -0,0 +1,25 @@
 menu "ESP-ASIO"
    config ASIO_SSL_SUPPORT
        bool "Enable SSL/TLS support of ASIO"
        default n
        help
            Enable support for basic SSL/TLS features, available for mbedTLS/OpenSSL
            as well as wolfSSL TLS library.
    choice ASIO_SSL_LIBRARY_CHOICE
        prompt "Choose SSL/TLS library for ESP-TLS (See help for more Info)"
        default ASIO_USE_ESP_OPENSSL
        depends on ASIO_SSL_SUPPORT
        help
            The ASIO support multiple backend TLS libraries. Currently the mbedTLS with a thin ESP-OpenSSL
            port layer (default choice) and WolfSSL are supported.
            Different TLS libraries may support different features and have different resource
            usage. Consult the ESP-TLS documentation in ESP-IDF Programming guide for more details.
        config ASIO_USE_ESP_OPENSSL
            bool "esp-openssl"
        config ASIO_USE_ESP_WOLFSSL
            depends on TLS_STACK_WOLFSSL
            bool "wolfSSL (License info in wolfSSL directory README)"
    endchoice
 endmenu
--- a/components/asio/asio
+++ b/components/asio/asio
--- a/components/asio/component.mk
+++ b/components/asio/component.mk
@ -2,4 +2,8 @@ COMPONENT_ADD_INCLUDEDIRS := asio/asio/include port/include
 COMPONENT_PRIV_INCLUDEDIRS := private_include
 COMPONENT_SRCDIRS := asio/asio/src port/src
 ifeq ($(CONFIG_ASIO_SSL_SUPPORT), )
 COMPONENT_OBJEXCLUDE := asio/asio/src/asio_ssl.o port/src/esp_asio_openssl_stubs.o
 endif
 COMPONENT_SUBMODULES += asio
--- a/components/asio/port/include/esp_asio_config.h
+++ b/components/asio/port/include/esp_asio_config.h
@ -40,4 +40,11 @@
 # define ASIO_STANDALONE
 # define ASIO_HAS_PTHREADS
 # ifdef CONFIG_ASIO_USE_ESP_OPENSSL
 #  define ASIO_USE_ESP_OPENSSL
 #  define OPENSSL_NO_ENGINE
 # elif CONFIG_ASIO_USE_ESP_WOLFSSL
 #  define ASIO_USE_WOLFSSL
 # endif   // CONFIG_ASIO_USE_ESP_OPENSSL
 #endif // _ESP_ASIO_CONFIG_H_
--- a/components/asio/port/include/openssl/conf.h
+++ b/components/asio/port/include/openssl/conf.h
@ -14,7 +14,13 @@
 #ifndef _ESP_ASIO_OPENSSL_CONF_H
 #define _ESP_ASIO_OPENSSL_CONF_H
-
+#include "esp_asio_config.h"
 #include "openssl/esp_asio_openssl_stubs.h"
 #if defined(ASIO_USE_WOLFSSL)
 // SSLv3 Methods not present in current wolfSSL library
 #define OPENSSL_NO_SSL3
 #include_next "openssl/conf.h"
 #endif // ASIO_USE_WOLFSSL
 #endif // _ESP_ASIO_OPENSSL_CONF_H
--- a/components/asio/port/include/openssl/dh.h
+++ b/components/asio/port/include/openssl/dh.h
@ -0,0 +1,23 @@
 // Copyright 2020 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 #ifndef _ESP_ASIO_OPENSSL_DH_STUB_H
 #define _ESP_ASIO_OPENSSL_DH_STUB_H
 // Dummy header needed for ASIO compilation with esp-openssl
 #if defined(ASIO_USE_WOLFSSL)
 #include_next "openssl/dh.h"
 #endif // ASIO_USE_WOLFSSL
 #endif // _ESP_ASIO_OPENSSL_DH_STUB_H
--- a/components/asio/port/include/openssl/esp_asio_openssl_stubs.h
+++ b/components/asio/port/include/openssl/esp_asio_openssl_stubs.h
@ -15,21 +15,57 @@
 #ifndef _ESP_ASIO_OPENSSL_STUBS_H
 #define _ESP_ASIO_OPENSSL_STUBS_H
 #include "internal/ssl_x509.h"
 #include "internal/ssl_pkey.h"
 #include "mbedtls/pem.h"
 #include <stdint.h>
 /**
 * @note This header contains openssl API which are NOT implemented, and are only provided
 * as stubs or no-operations to get the ASIO library compiled and working with most
 * practical use cases as an embedded application on ESP platform
 */
 #if defined(ASIO_USE_WOLFSSL)
 #include "wolfssl/ssl.h"
 // esp-wolfssl disables filesystem by default, but the ssl filesystem functions are needed for the ASIO to compile
 //  - so we could either configure wolfSSL to use filesystem
 //  - or use the default wolfSSL and declare the filesystem functions -- preferred option, as whenever
 //    the filesystem functions are used from app code (potential security impact if private keys in a filesystem)
 //    compilation fails with linking errors.
 #if defined(NO_FILESYSTEM)
 // WolfSSL methods that are not included in standard esp-wolfssl config, must be defined here
 // as function stubs,  so ASIO compiles, but would get link errors, if these functions were used.
 #ifdef __cplusplus
 extern "C" {
 #endif
 typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
 void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
 int SSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*);
 int SSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
 int SSL_CTX_use_certificate_chain_file(WOLFSSL_CTX*, const char*);
 int SSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
 int SSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
 #if defined(__cplusplus)
 } /* extern C */
 #endif
 #endif // NO_FILESYSTEM
 #elif defined(ASIO_USE_ESP_OPENSSL)
 #include "internal/ssl_x509.h"
 #include "internal/ssl_pkey.h"
 #include "mbedtls/pem.h"
 #include <stdint.h>
 #ifdef __cplusplus
 extern "C" {
 #endif
 // The most applicable OpenSSL version wrtt ASIO usage
 #define OPENSSL_VERSION_NUMBER 0x10100001L
 // SSLv2 methods not supported
@ -40,10 +76,7 @@ extern "C" {
 #define SSL_R_SHORT_READ 219
 #define SSL_OP_ALL 0
 #define SSL_OP_SINGLE_DH_USE 0
 //#define OPENSSL_VERSION_NUMBER 0x10001000L
 #define SSL_OP_NO_COMPRESSION 0
 //#define LIBRESSL_VERSION_NUMBER 1
 //#define PEM_R_NO_START_LINE 110
 // Translates mbedTLS PEM parse error, used by ASIO
 #define PEM_R_NO_START_LINE -MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
@ -58,9 +91,6 @@ extern "C" {
 #define NID_subject_alt_name 85
 #define SSL_MODE_RELEASE_BUFFERS            0x00000000L
 #define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
 #define GEN_DNS		2
 #define GEN_IPADD	7
@ -153,13 +183,6 @@ void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
 */
 int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh);
 /**
 * @brief Sets SSL mode -- not implemented
 *
 * Current implementation is no-op
 */
 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
 /**
 * @brief API provaded as declaration only
 *
@ -182,4 +205,5 @@ int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
 } /* extern C */
 #endif
 #endif /* ASIO_USE_ESP_OPENSSL, ASIO_USE_WOLFSSL */
 #endif /* _ESP_ASIO_OPENSSL_STUBS_H */
--- a/components/asio/port/include/openssl/rsa.h
+++ b/components/asio/port/include/openssl/rsa.h
@ -0,0 +1,23 @@
 // Copyright 2020 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 #ifndef _ESP_ASIO_OPENSSL_RSA_STUB_H
 #define _ESP_ASIO_OPENSSL_RSA_STUB_H
 // Dummy header needed for ASIO compilation with esp-openssl
 #if defined(ASIO_USE_WOLFSSL)
 #include_next "openssl/rsa.h"
 #endif // ASIO_USE_WOLFSSL
 #endif // _ESP_ASIO_OPENSSL_RSA_STUB_H
--- a/components/asio/port/include/openssl/x509v3.h
+++ b/components/asio/port/include/openssl/x509v3.h
@ -0,0 +1,23 @@
 // Copyright 2020 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 #ifndef _ESP_ASIO_OPENSSL_X509V3_STUB_H
 #define _ESP_ASIO_OPENSSL_X509V3_STUB_H
 // Dummy header needed for ASIO compilation with esp-openssl
 #if defined(ASIO_USE_WOLFSSL)
 #include_next "openssl/x509v3.h"
 #endif // ASIO_USE_WOLFSSL
 #endif // _ESP_ASIO_OPENSSL_X509V3_STUB_H
--- a/components/asio/port/src/esp_asio_openssl_stubs.c
+++ b/components/asio/port/src/esp_asio_openssl_stubs.c
@ -49,11 +49,6 @@ X509_NAME *X509_get_subject_name(X509 *a)
    return NULL;
 }
 uint32_t SSL_set_mode(SSL *ssl, uint32_t mode)
 {
    return 0;
 }
 int SSL_CTX_clear_chain_certs(SSL_CTX *ctx)
 {
    return 1;
--- a/docs/en/api-reference/protocols/asio.rst
+++ b/docs/en/api-reference/protocols/asio.rst
@ -14,12 +14,12 @@ Asio also comes with a number of examples which could be find under Documentatio
 Supported features
 ^^^^^^^^^^^^^^^^^^
 ESP platform port currently supports only network asynchronous socket operations; does not support serial port.
-SSL/TLS support if disabled by default and could be enabled in component configuration menu and choosing TLS library from
+SSL/TLS support is disabled by default and could be enabled in component configuration menu by choosing TLS library from
 - mbedTLS with OpenSSL translation layer (default option)
 - wolfSSL
-SSL support is very basic at this stage, not including
+SSL support is very basic at this stage and it does include following features:
 - Verification callbacks
 - DH property files
--- a/examples/protocols/asio/ssl_client_server/main/CMakeLists.txt
+++ b/examples/protocols/asio/ssl_client_server/main/CMakeLists.txt
@ -1,3 +1,3 @@
 idf_component_register(SRCS "asio_ssl_main.cpp"
                    INCLUDE_DIRS "."
-        EMBED_TXTFILES cacert.pem prvtkey.pem)
+        EMBED_TXTFILES ca.crt server.key srv.crt)
--- a/examples/protocols/asio/ssl_client_server/main/Kconfig.projbuild
+++ b/examples/protocols/asio/ssl_client_server/main/Kconfig.projbuild
@ -25,4 +25,12 @@ menu "Example Configuration"
        help
            Asio example server ip for the ASIO client to connect to.
    config EXAMPLE_CLIENT_VERIFY_PEER
        bool "Client to verify peer"
        default n
        depends on EXAMPLE_CLIENT
        help
            This option sets client's mode to verify peer, default is
            verify-none
 endmenu
--- a/examples/protocols/asio/ssl_client_server/main/asio_ssl_main.cpp
+++ b/examples/protocols/asio/ssl_client_server/main/asio_ssl_main.cpp
@ -1,3 +1,10 @@
 //
 // Copyright (c) 2003-2019 Christopher M. Kohlhoff (chris at kohlhoff dot com)
 //
 // Distributed under the Boost Software License, Version 1.0. (See accompanying
 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
 //
 #include <string>
 #include "protocol_examples_common.h"
 #include "esp_event.h"
@ -11,30 +18,36 @@
 #include "asio/buffer.hpp"
 #include "esp_pthread.h"
-extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+extern const unsigned char server_pem_start[] asm("_binary_srv_crt_start");
-extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
+extern const unsigned char server_pem_end[]   asm("_binary_srv_crt_end");
-extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
+extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
-extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");
+extern const unsigned char cacert_pem_end[]   asm("_binary_ca_crt_end");
 extern const unsigned char prvtkey_pem_start[] asm("_binary_server_key_start");
 extern const unsigned char prvtkey_pem_end[]   asm("_binary_server_key_end");
 const asio::const_buffer cert_chain(cacert_pem_start, cacert_pem_end - cacert_pem_start);
 const asio::const_buffer privkey(prvtkey_pem_start, prvtkey_pem_end - prvtkey_pem_start);
-
+const asio::const_buffer server_cert(server_pem_start, server_pem_end - server_pem_start);
 using asio::ip::tcp;
 using asio::ip::tcp;
 enum { max_length = 1024 };
-class client
+class Client {
 {
 public:
-    client(asio::io_context& io_context,
+    Client(asio::io_context& io_context,
           asio::ssl::context& context,
           const tcp::resolver::results_type& endpoints)
            : socket_(io_context, context)
    {
 #if CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
        socket_.set_verify_mode(asio::ssl::verify_peer);
 #else
        socket_.set_verify_mode(asio::ssl::verify_none);
 #endif // CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
        connect(endpoints);
    }
@ -117,10 +130,9 @@ private:
    char reply_[max_length];
 };
-class session : public std::enable_shared_from_this<session>
+class Session : public std::enable_shared_from_this<Session> {
 {
 public:
-    session(tcp::socket socket, asio::ssl::context& context)
+    Session(tcp::socket socket, asio::ssl::context& context)
            : socket_(std::move(socket), context)
    {
    }
@ -174,20 +186,19 @@ private:
    }
    asio::ssl::stream<tcp::socket> socket_;
-    char data_[1024];
+    char data_[max_length];
 };
-class server
+class Server {
 {
 public:
-    server(asio::io_context& io_context, unsigned short port)
+    Server(asio::io_context& io_context, unsigned short port)
            : acceptor_(io_context, tcp::endpoint(tcp::v4(), port)),
              context_(asio::ssl::context::tls_server)
    {
        context_.set_options(
                asio::ssl::context::default_workarounds
                | asio::ssl::context::no_sslv2);
-        context_.use_certificate_chain(cert_chain);
+        context_.use_certificate_chain(server_cert);
        context_.use_private_key(privkey, asio::ssl::context::pem);
        do_accept();
@ -201,7 +212,7 @@ private:
                {
                    if (!error)
                    {
-                        std::make_shared<session>(std::move(socket), context_)->start();
+                        std::make_shared<Session>(std::move(socket), context_)->start();
                    }
                    do_accept();
@ -225,7 +236,7 @@ void ssl_server_thread()
 {
    asio::io_context io_context;
-    server s(io_context, 443);
+    Server s(io_context, 443);
    io_context.run();
 }
@ -240,9 +251,11 @@ void ssl_client_thread()
    auto endpoints = resolver.resolve(server_ip, server_port);
    asio::ssl::context ctx(asio::ssl::context::tls_client);
-    ctx.use_certificate_chain(cert_chain);
+#if CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
    ctx.add_certificate_authority(cert_chain);
 #endif // CONFIG_EXAMPLE_CLIENT_VERIFY_PEER
-    client c(io_context, ctx, endpoints);
+    Client c(io_context, ctx, endpoints);
    io_context.run();
--- a/examples/protocols/asio/ssl_client_server/main/ca.crt
+++ b/examples/protocols/asio/ssl_client_server/main/ca.crt
@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDkzCCAnugAwIBAgIUNI5wldYysh6rtCzYmda6H414aRswDQYJKoZIhvcNAQEL
 BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
 GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJRXNwcmVzc2lmMB4X
 DTIwMDEyMTA5MDk0NloXDTI1MDEyMDA5MDk0NlowWTELMAkGA1UEBhMCQVUxEzAR
 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
 IEx0ZDESMBAGA1UEAwwJRXNwcmVzc2lmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAyadSpRnIQBVbEAsbpkrKrOMlBOMIUmA8AfNyOYPLfv0Oa5lBiMAV
 3OQDu5tYyFYKwkCUqq65iAm50fPbSH71w1tkja6nZ1yAIM+TvpMlM/WiFGrhY+Tc
 kAcLcKUJyPxrv/glzoVslbqUgIhuhCSKA8uk1+ILcn3nWzPcbcowLx31+AHeZj8h
 bIAdj6vjqxMCFStp4IcA+ikmCk75LCN4vkkifdkebb/ZDNYCZZhpCBnCHyFAjPc4
 7C+FDVGT3/UUeeTy+Mtn+MqUAhB+W0sPDm1n2h59D4Z/MFm0hl6GQCAKeMJPzssU
 BBsRm6zoyPQ4VTqG0uwfNNbORyIfKONMUwIDAQABo1MwUTAdBgNVHQ4EFgQUGYLV
 EkgWzxjpltE6texha7zZVxowHwYDVR0jBBgwFoAUGYLVEkgWzxjpltE6texha7zZ
 VxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAb2EF4Zg2XWNb
 eZHnzupCDd9jAhwPqkt7F1OXvxJa/RFUSB9+2izGvikGGhuKY4f0iLuqF+bhExD9
 sapDcdFO2Suh4J3onbwEvmKvsv56K3xhapYg8WwPofpkVirnkwFjpQXGzrYxPujg
 BPmSy3psQrhvOr/WH7SefJv2qr4ikaugfE+3enY4PL+C1dSQAuNo1QGgWsZIu0c8
 TZybNZ13vNVMA+tgj2CM8FR3Etaabwtu3TTcAnO7aoBTix/bLBTuZoczhN8/MhG3
 GylmDzFI8a6aKxQL3Fi4PsM82hRKWu3gfs39sR1Ci4V22v8uO5EWBPK0QZvDSc1a
 KwwxI4zA0w==
 -----END CERTIFICATE-----
--- a/examples/protocols/asio/ssl_client_server/main/cacert.pem
+++ b/examples/protocols/asio/ssl_client_server/main/cacert.pem
@ -1,21 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV
 BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG
 SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0
 aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx
 EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc
 MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW
 e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI
 8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b
 QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL
 JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2
 Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq
 hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp
 TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK
 q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD
 zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG
 cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd
 1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg==
 -----END CERTIFICATE-----
--- a/examples/protocols/asio/ssl_client_server/main/component.mk
+++ b/examples/protocols/asio/ssl_client_server/main/component.mk
@ -7,5 +7,6 @@
 # please read the ESP-IDF documents if you need to do this.
 #
-COMPONENT_EMBED_TXTFILES := cacert.pem
+COMPONENT_EMBED_TXTFILES := ca.crt
-COMPONENT_EMBED_TXTFILES += prvtkey.pem
+COMPONENT_EMBED_TXTFILES += server.key
 COMPONENT_EMBED_TXTFILES += srv.crt
--- a/examples/protocols/asio/ssl_client_server/main/prvtkey.pem
+++ b/examples/protocols/asio/ssl_client_server/main/prvtkey.pem
@ -1,27 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6
 z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ
 tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1
 AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH
 IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1
 zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM
 KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz
 88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi
 edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC
 SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF
 OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3
 ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD
 Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6
 +NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn
 StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX
 Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX
 7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3
 soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN
 2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s
 ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix
 xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn
 i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj
 Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J
 W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh
 NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg==
 -----END RSA PRIVATE KEY-----
--- a/examples/protocols/asio/ssl_client_server/main/server.key
+++ b/examples/protocols/asio/ssl_client_server/main/server.key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEogIBAAKCAQEAlUCywNhVv4RO2y9h/XGKZ1azzk3jzHpSBzIGO9LoiA8trC/p
 1ykGaUfYPJllYK4HMhC4fUyE3J7tVL2Eskzl26LNPLbEoaBWZM9NhV3iA1/1EtOu
 p6umLx+y3sDfvK35YAOUbjdAlBfhnJ4r8h7oTsxl3J5jZ18zgjJnJi2NEFq/yTpO
 MiwHLWPjy25fDFixfV9UzSvbgt1JaGPmC7c4QkhHzjyp0+ikuvRIw0p9BBNeqBV2
 da3qBMB5FtodUJTAz6o6OKWbTalLjQi6C1H6z9TnY7IrJBUOy/FWkQH/sEsLdscD
 hHa1Dz2oT203QjhzyOSfnNF95D/1MdNcMt6l0wIDAQABAoIBAC1JJTOoMFRc48RT
 myrYQYNbZlEphv3q+2qdfhC2zMFDwbrmCtCy7PQSzYSNkpoEE8DYG/JAvmtmeWJl
 4pZrCK9ctWM/nWfhC3WpBL97nfEiM20T94F+bn0L5Cz8XqaULv839th+QUTt/hGU
 WIctY5VNJXcMQ+MAmtNdUbjex1d3iuxiKHUo4nDoZ8digKFNdtdP5B5nlMq5chCL
 mxNRcsGsx2dDAxbGUapdTVPWHPJKpLOBoSkluDsfd2KZADFU2R1SJpAX9+RYh3HM
 5FTUdHTUaISxbKkgeDKlEM0lqk2TtGUwCyEj098ewi7Wzsu9w60IplPPUJx5FRG6
 jp3wzLkCgYEAxKp5T20rf/7ysX7x053I7VCjDXUxAaWOEj1uS3AhOkl0NaZg7Di+
 y53fWNkcHdkt2n2LqMt/43UgMYq3TVVcq2eunPNF11e1bJw8CjDafwDs4omwwyVn
 lYhPuB4dK2OAib+vU5Zqpp0kZMoxk2MZVgon8z+s8DW/zmB6aFqAWeUCgYEAwkhC
 OgmXKMdjOCVy5t2f5UbY8Y9rV3w8eUATuJ47MMwLr4pGYnKoEn9JB4ltWrHv/u5S
 fOv3tIrrCEvnCoCbOILwCsY5LqTNXgqova8FB6RpMUQCzhDd8LHuvdHv0WMnMzX1
 3PKuqwh8JS55m4WqZRhzr5BFKG4fHPVs4IcaJVcCgYAzzCaJSdqUKqTnJOUydDNQ
 ddWMHNqccWs62J0tF0pZHLGT089hSAzQejMyJnSmU+Ykzr4y5e44DUg+ZCelIZ93
 saYmxlgVwI8THQ8fLADQRIEfpV4996MRmkZM2vmZzOo03Zyi6lIKsga82Rg3lnk8
 1Q3ynknBNpbfF0AGLhfyFQKBgBYlxJ73HutAJ5hr9HhLBYJOnEaVUehMOlycKGNg
 bmD2sdJWEgYBChXpurqIORYguLo4EuE4ySkkuPxeIr14wbkkfBbOWBBwKxUwY+IT
 xKAFZxR9q1AwbgyVTCEJgKw/AGX/HcMNS0omEnjunmBTUYRq0C1QZgHg490aQUor
 PJjLAoGAevzdTpFlVeuKeYh1oDubGO1LinyXpBv7fPFjl+zu4AVbjojcU6yC4OO6
 QvqopE6SyAECKy8kAOFcESPsGc9Lta2XUvI203z7pIVlNVEcJ0+90mQh3Mn1U46l
 sZ49PdRvNwNb5wvkh1UqNsMlGFbRlzMbIk45ou4311kCobowZek=
 -----END RSA PRIVATE KEY-----
--- a/examples/protocols/asio/ssl_client_server/main/srv.crt
+++ b/examples/protocols/asio/ssl_client_server/main/srv.crt
@ -0,0 +1,18 @@
 -----BEGIN CERTIFICATE-----
 MIIC9DCCAdwCFA1lSIcHwYKdB2UqOrZxZnVgPObTMA0GCSqGSIb3DQEBCwUAMFkx
 CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
 cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCUVzcHJlc3NpZjAeFw0yMDA2
 MTIwNjA0MTNaFw0yMjA2MDIwNjA0MTNaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCC
 ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJVAssDYVb+ETtsvYf1ximdW
 s85N48x6UgcyBjvS6IgPLawv6dcpBmlH2DyZZWCuBzIQuH1MhNye7VS9hLJM5dui
 zTy2xKGgVmTPTYVd4gNf9RLTrqerpi8fst7A37yt+WADlG43QJQX4ZyeK/Ie6E7M
 ZdyeY2dfM4IyZyYtjRBav8k6TjIsBy1j48tuXwxYsX1fVM0r24LdSWhj5gu3OEJI
 R848qdPopLr0SMNKfQQTXqgVdnWt6gTAeRbaHVCUwM+qOjilm02pS40IugtR+s/U
 52OyKyQVDsvxVpEB/7BLC3bHA4R2tQ89qE9tN0I4c8jkn5zRfeQ/9THTXDLepdMC
 AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnMYGW+idt37bEE4WPgrRorKWuplR+zHD
 wJFz53DQzyIZJHmJ2hR5U0jNcHy/nMq7tbdz9LZPrVF4lZJ3TJhnmkOKjMFPCQE8
 YcmsP3il6eXgtGqg53InOi/uJqEQ9TfM54cbpp6xKbnmpwk4uprISBRQt7u2ZLk2
 40ED6zgjFPDTYmSjSpb2AN6KUB6PflgVs+4p9ViHNq4U3AlYV/BM0+3G4aMX2wNl
 ZIpQfOyuaYD5MU50mY+O+gDiiypkpYf6a6S4YJ1sMbavDsP7bW5UMnP0jKYR549q
 5hF1fdkXq52DfJ9ya2kl3mANFkKssQV+1KCBMxGoeqfakmJfa03xXA==
 -----END CERTIFICATE-----
--- a/examples/protocols/asio/ssl_client_server/partitions.csv
+++ b/examples/protocols/asio/ssl_client_server/partitions.csv
@ -2,4 +2,4 @@
 # Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
 nvs,      data, nvs,     0x9000,  0x6000,
 phy_init, data, phy,     0xf000,  0x1000,
-factory,  app,  factory, 0x10000, 1200000,
+factory,  app,  factory, 0x10000, 1400000,
--- a/examples/protocols/asio/ssl_client_server/sdkconfig.ci
+++ b/examples/protocols/asio/ssl_client_server/sdkconfig.ci
@ -3,4 +3,4 @@ CONFIG_EXAMPLE_SERVER=y
 CONFIG_EXAMPLE_SERVER_NAME="localhost"
 CONFIG_EXAMPLE_CONNECT_WIFI=n
 CONFIG_EXAMPLE_CONNECT_ETHERNET=n
-
+CONFIG_EXAMPLE_CLIENT_VERIFY_PEER=y
--- a/examples/protocols/asio/ssl_client_server/sdkconfig.defaults
+++ b/examples/protocols/asio/ssl_client_server/sdkconfig.defaults
@ -1,3 +1,4 @@
 CONFIG_ASIO_SSL_SUPPORT=y
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"
 CONFIG_PARTITION_TABLE_FILENAME="partitions.csv"