feat(websocket): allow users to attach CA bundle

with esp_transport_ssl_crt_bundle_attach(), it is not necessary to
include a specific certificate. other protocol clients, such as
esp_http_client, do the same.

fixes #48
This commit is contained in:
Tomoyuki Sakurai
2022-06-02 12:16:46 +07:00
parent 7346ed9765
commit d56b5d90ea
2 changed files with 10 additions and 0 deletions

View File

@ -392,6 +392,15 @@ esp_websocket_client_handle_t esp_websocket_client_init(const esp_websocket_clie
esp_transport_ssl_set_client_key_data_der(ssl, config->client_key, config->client_key_len);
}
}
if (config->crt_bundle_attach) {
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
esp_transport_ssl_crt_bundle_attach(ssl, config->crt_bundle_attach);
#else //CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
ESP_LOGE(TAG, "crt_bundle_attach configured but not enabled in menuconfig: Please enable MBEDTLS_CERTIFICATE_BUNDLE option");
#endif
}
if (config->skip_cert_common_name_check) {
esp_transport_ssl_skip_common_name_check(ssl);
}