From 0234f6e538b5ef9ba4b5fad6ddc2758b022a6e0c Mon Sep 17 00:00:00 2001
From: David Cermak
Date: Fri, 23 Aug 2019 14:33:35 +0200
Subject: [PATCH] client: added config option to enable global ca strore

closes https://github.com/espressif/esp-mqtt/issues/125
---
 include/mqtt_client.h | 1 +
 mqtt_client.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/mqtt_client.h b/include/mqtt_client.h
index 7093977..2f5aacc 100644
--- a/include/mqtt_client.h
+++ b/include/mqtt_client.h
@@ -122,6 +122,7 @@ typedef struct {
 esp_mqtt_transport_t transport; /*!< overrides URI transport */
 int refresh_connection_after_ms; /*!< Refresh connection after this value (in milliseconds) */
 const struct psk_key_hint* psk_hint_key; /*!< Pointer to PSK struct defined in esp_tls.h to enable PSK authentication (as alternative to certificate verification). If not NULL and server/client certificates are NULL, PSK is enabled */
+ bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
 } esp_mqtt_client_config_t;
 
 /**
diff --git a/mqtt_client.c b/mqtt_client.c
index f66b022..3fc715d 100644
--- a/mqtt_client.c
+++ b/mqtt_client.c
@@ -31,7 +31,7 @@
 { if (key) { if (len) { setfn##_der(ssl, key, len); } else { setfn(ssl, key, strlen(key)); } } }
 #else
 # define MQTT_TRANSPORT_SET_CERT_OR_KEY(setfn, key, len) \
- { if (key) { setfn(ssl, key, strlen(key)); } }
+ { if (key) { setfn(ssl, key, strlen(key)); } }
 #endif
 
 static const char *TAG = "MQTT_CLIENT";
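Review bot: The doc comment on the new `use_global_ca_store` field says nothing about its precedence over the existing trust settings, yet the mqtt_client.c hunk that consumes it enables the global store and skips `cert_pem` entirely when the flag is set, so a config that fills in both verifies the broker against the global store rather than the pinned `cert_pem`. That silent override is worth stating where the user reads it: `/*!< Verify the server certificate against the global CA store (see esp_tls) instead of cert_pem; when set, cert_pem/cert_len are ignored. */`. Presumably the application also has to populate the global store (esp_tls_set_global_ca_store) before esp_mqtt_client_init is called, which the comment could mention — confirm against the esp_tls API. The field is a `bool`; the hunk does not show the header's includes, so check that `<stdbool.h>` is already in scope for this header.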
@@ -403,12 +403,16 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co
 #ifndef MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
 if (config->cert_len || config->client_cert_len || config->client_key_len) {
- ESP_LOGE(TAG, "Explicit cert-/key-len is not available in IDF version %s", IDF_VER);
- goto _mqtt_init_failed;
+ ESP_LOGE(TAG, "Explicit cert-/key-len is not available in IDF version %s", IDF_VER);
+ goto _mqtt_init_failed;
 }
 #endif
- MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_cert_data, config->cert_pem, config->cert_len);
+ if (config->use_global_ca_store == true) {
+ esp_transport_ssl_enable_global_ca_store(ssl);
+ } else if (config->cert_pem) {
+ MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_cert_data, config->cert_pem, config->cert_len);
+ }
 MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_cert_data, config->client_cert_pem, config->client_cert_len);
 MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_key_data, config->client_key_pem, config->client_key_len);