forked from espressif/esp-idf
fix(esp_tls): PSK available in headers only if enabled in Kconfig
This commit is contained in:
David Cermak
@@ -187,9 +187,11 @@ typedef struct esp_tls_cfg {
|
|||||||
|
|
||||||
tls_keep_alive_cfg_t *keep_alive_cfg; /*!< Enable TCP keep-alive timeout for SSL connection */
|
tls_keep_alive_cfg_t *keep_alive_cfg; /*!< Enable TCP keep-alive timeout for SSL connection */
|
||||||
|
|
||||||
|
#if defined(CONFIG_ESP_TLS_PSK_VERIFICATION)
|
||||||
const psk_hint_key_t* psk_hint_key; /*!< Pointer to PSK hint and key. if not NULL (and certificates are NULL)
|
const psk_hint_key_t* psk_hint_key; /*!< Pointer to PSK hint and key. if not NULL (and certificates are NULL)
|
||||||
then PSK authentication is enabled with configured setup.
|
then PSK authentication is enabled with configured setup.
|
||||||
Important note: the pointer must be valid for connection */
|
Important note: the pointer must be valid for connection */
|
||||||
|
#endif /* CONFIG_ESP_TLS_PSK_VERIFICATION */
|
||||||
|
|
||||||
esp_err_t (*crt_bundle_attach)(void *conf);
|
esp_err_t (*crt_bundle_attach)(void *conf);
|
||||||
/*!< Function pointer to esp_crt_bundle_attach. Enables the use of certification
|
/*!< Function pointer to esp_crt_bundle_attach. Enables the use of certification
|
||||||
|
|||||||
@@ -782,8 +782,8 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
|
|||||||
return esp_ret;
|
return esp_ret;
|
||||||
}
|
}
|
||||||
mbedtls_ssl_conf_ca_chain(&tls->conf, tls->cacert_ptr, NULL);
|
mbedtls_ssl_conf_ca_chain(&tls->conf, tls->cacert_ptr, NULL);
|
||||||
} else if (cfg->psk_hint_key) {
|
|
||||||
#if defined(CONFIG_ESP_TLS_PSK_VERIFICATION)
|
#if defined(CONFIG_ESP_TLS_PSK_VERIFICATION)
|
||||||
|
} else if (cfg->psk_hint_key) {
|
||||||
//
|
//
|
||||||
// PSK encryption mode is configured only if no certificate supplied and psk pointer not null
|
// PSK encryption mode is configured only if no certificate supplied and psk pointer not null
|
||||||
ESP_LOGD(TAG, "ssl psk authentication");
|
ESP_LOGD(TAG, "ssl psk authentication");
|
||||||
@@ -795,13 +795,10 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
|
|||||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
|
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_MBEDTLS, -ret);
|
||||||
return ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED;
|
return ESP_ERR_MBEDTLS_SSL_CONF_PSK_FAILED;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
ESP_LOGE(TAG, "psk_hint_key configured but not enabled in menuconfig: Please enable ESP_TLS_PSK_VERIFICATION option");
|
|
||||||
return ESP_ERR_INVALID_STATE;
|
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
|
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
|
||||||
} else if (cfg->client_session != NULL) {
|
} else if (cfg->client_session != NULL) {
|
||||||
ESP_LOGD(TAG, "Resuming the saved client session");
|
ESP_LOGD(TAG, "Reusing the saved client session");
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
#ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY
|
#ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY
|
||||||
|
|||||||
Reference in New Issue
Block a user