From 331935d7ecf3ffa538a5d32075544bae265ad506 Mon Sep 17 00:00:00 2001
From: 0xFEEDC0DE64
Date: Thu, 3 Nov 2022 15:31:35 +0100
Subject: [PATCH] skip_server_verification
---
 components/esp_websocket_client/esp_websocket_client.c | 6 +++++-
 .../esp_websocket_client/include/esp_websocket_client.h | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/components/esp_websocket_client/esp_websocket_client.c b/components/esp_websocket_client/esp_websocket_client.c
index e00c24503..8c178136e 100644
--- a/components/esp_websocket_client/esp_websocket_client.c
+++ b/components/esp_websocket_client/esp_websocket_client.c
@@ -90,6 +90,7 @@ typedef struct {
 size_t client_cert_len;
 const char *client_key;
 size_t client_key_len;
+ bool skip_server_verification;
 bool use_global_ca_store;
 bool skip_cert_common_name_check;
 esp_err_t (*crt_bundle_attach)(void *conf);
@@ -492,7 +493,9 @@ static esp_err_t esp_websocket_client_create_transport(esp_websocket_client_hand
 esp_transport_set_default_port(ssl, WEBSOCKET_SSL_DEFAULT_PORT);
 esp_transport_list_add(client->transport_list, ssl, "_ssl"); // need to save to transport list, for cleanup
- if (client->config->use_global_ca_store == true) {
+ if (client->config->skip_server_verification == true) {
+ esp_transport_ssl_skip_server_verification(ssl);
+ } else if (client->config->use_global_ca_store == true) {
 esp_transport_ssl_enable_global_ca_store(ssl);
 } else if (client->config->cert) {
 if (!client->config->cert_len) {
@@ -591,6 +594,7 @@ esp_websocket_client_handle_t esp_websocket_client_init(const esp_websocket_clie
 }
 // configure ssl related parameters
+ client->config->skip_server_verification = config->skip_server_verification;
 client->config->use_global_ca_store = config->use_global_ca_store;
 client->config->cert = config->cert_pem;
 client->config->cert_len = config->cert_len;
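Review bot: The new first branch in esp_websocket_client_create_transport turns off server certificate verification and wins over `use_global_ca_store` and `cert` without any log output, so a configuration that sets both a CA and `skip_server_verification` silently ends up talking to an unauthenticated peer and is open to man-in-the-middle interception. I would log this at warning level inside the branch, for example `ESP_LOGW(TAG, "server verification disabled, TLS peer is not authenticated");` (assuming the file's usual `TAG`), and compile the branch only under `#ifdef CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY` so that release builds cannot disable verification at run time. The declaration of `esp_transport_ssl_skip_server_verification` is not part of this patch and should be confirmed to exist in the transport header. The function body starts and ends outside the hunk.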
diff --git a/components/esp_websocket_client/include/esp_websocket_client.h b/components/esp_websocket_client/include/esp_websocket_client.h
index a31020e2f..d4baf5a42 100644
--- a/components/esp_websocket_client/include/esp_websocket_client.h
+++ b/components/esp_websocket_client/include/esp_websocket_client.h
@@ -119,6 +119,7 @@ typedef struct {
 bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
 esp_err_t (*crt_bundle_attach)(void *conf); /*!< Function pointer to esp_crt_bundle_attach. Enables the use of certification bundle for server verification, MBEDTLS_CERTIFICATE_BUNDLE must be enabled in menuconfig. Include esp_crt_bundle.h, and use `esp_crt_bundle_attach` here to include bundled CA certificates. */
 bool skip_cert_common_name_check;/*!< Skip any validation of server certificate CN field */
+ bool skip_server_verification; /*!< Skip server verification completely. Should only be used for debugging */
 bool keep_alive_enable; /*!< Enable keep-alive timeout */
 int keep_alive_idle; /*!< Keep-alive idle time. Default is 5 (second) */
 int keep_alive_interval; /*!< Keep-alive interval time. Default is 5 (second) */
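Review bot: The doc comment on `skip_server_verification` does not say that the flag overrides the other verification settings, nor what is lost when it is set, and a reader of the header alone needs both. Going by the branch order in the .c change of this patch, I would word it as `/*!< Disable TLS server certificate verification. Takes precedence over use_global_ca_store and cert_pem; the server is not authenticated, so use only for debugging */`. The struct definition starts and ends outside the hunk.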