Merge branch 'featrue/enable_global_ca_store' into 'master'
client: added config option to enable global CA store. See merge request espressif/esp-mqtt!38
@@ -122,6 +122,7 @@ typedef struct {
|
|||||||
esp_mqtt_transport_t transport; /*!< overrides URI transport */
|
esp_mqtt_transport_t transport; /*!< overrides URI transport */
|
||||||
int refresh_connection_after_ms; /*!< Refresh connection after this value (in milliseconds) */
|
int refresh_connection_after_ms; /*!< Refresh connection after this value (in milliseconds) */
|
||||||
const struct psk_key_hint* psk_hint_key; /*!< Pointer to PSK struct defined in esp_tls.h to enable PSK authentication (as alternative to certificate verification). If not NULL and server/client certificates are NULL, PSK is enabled */
|
const struct psk_key_hint* psk_hint_key; /*!< Pointer to PSK struct defined in esp_tls.h to enable PSK authentication (as alternative to certificate verification). If not NULL and server/client certificates are NULL, PSK is enabled */
|
||||||
|
bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
|
||||||
} esp_mqtt_client_config_t;
|
} esp_mqtt_client_config_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
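Review bot: The doc comment on the new `use_global_ca_store` field does not say how it interacts with `cert_pem`, or that the store has to be populated before a connection is attempted. Judging by the init hunk in this same commit, the flag wins and `cert_pem` is skipped, so the comment should say so: `/*!< Verify the server against the esp-tls global CA store; takes precedence over cert_pem. The application must populate the store (e.g. esp_tls_set_global_ca_store) before connecting. */`. It would also help to state how this relates to `psk_hint_key`, whose comment says PSK is enabled only when the certificates are NULL; that interaction is not visible in this hunk.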
@@ -31,7 +31,7 @@
|
|||||||
{ if (key) { if (len) { setfn##_der(ssl, key, len); } else { setfn(ssl, key, strlen(key)); } } }
|
{ if (key) { if (len) { setfn##_der(ssl, key, len); } else { setfn(ssl, key, strlen(key)); } } }
|
||||||
#else
|
#else
|
||||||
# define MQTT_TRANSPORT_SET_CERT_OR_KEY(setfn, key, len) \
|
# define MQTT_TRANSPORT_SET_CERT_OR_KEY(setfn, key, len) \
|
||||||
{ if (key) { setfn(ssl, key, strlen(key)); } }
|
{ if (key) { setfn(ssl, key, strlen(key)); } }
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static const char *TAG = "MQTT_CLIENT";
|
static const char *TAG = "MQTT_CLIENT";
|
||||||
@@ -403,12 +403,16 @@ esp_mqtt_client_handle_t esp_mqtt_client_init(const esp_mqtt_client_config_t *co
|
|||||||
|
|
||||||
#ifndef MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
|
#ifndef MQTT_SUPPORTED_FEATURE_DER_CERTIFICATES
|
||||||
if (config->cert_len || config->client_cert_len || config->client_key_len) {
|
if (config->cert_len || config->client_cert_len || config->client_key_len) {
|
||||||
ESP_LOGE(TAG, "Explicit cert-/key-len is not available in IDF version %s", IDF_VER);
|
ESP_LOGE(TAG, "Explicit cert-/key-len is not available in IDF version %s", IDF_VER);
|
||||||
goto _mqtt_init_failed;
|
goto _mqtt_init_failed;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_cert_data, config->cert_pem, config->cert_len);
|
if (config->use_global_ca_store == true) {
|
||||||
|
esp_transport_ssl_enable_global_ca_store(ssl);
|
||||||
|
} else if (config->cert_pem) {
|
||||||
|
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_cert_data, config->cert_pem, config->cert_len);
|
||||||
|
}
|
||||||
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_cert_data, config->client_cert_pem, config->client_cert_len);
|
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_cert_data, config->client_cert_pem, config->client_cert_len);
|
||||||
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_key_data, config->client_key_pem, config->client_key_len);
|
MQTT_TRANSPORT_SET_CERT_OR_KEY(esp_transport_ssl_set_client_key_data, config->client_key_pem, config->client_key_len);
|
||||||
|
|
||||||
|
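Review bot: When `use_global_ca_store` is set and `cert_pem` is also supplied, the new `if`/`else if` in esp_mqtt_client_init drops the per-client CA without any diagnostic. A caller who believes the connection is pinned to `cert_pem` is then trusting every root in the global store instead. A warning in the first branch would make the override visible: `if (config->cert_pem) { ESP_LOGW(TAG, "use_global_ca_store is set; cert_pem is ignored"); }`. As smaller style points, the `else if (config->cert_pem)` guard repeats the `if (key)` test already inside MQTT_TRANSPORT_SET_CERT_OR_KEY, and `== true` on a `bool` can be dropped. The function body starts and ends outside this hunk, so whether a later step already checks that the global store is populated cannot be confirmed from here.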