diff --git a/components/esp_websocket_client/esp_websocket_client.c b/components/esp_websocket_client/esp_websocket_client.c
index f0e5c8a66c..e396c3fb0f 100644
--- a/components/esp_websocket_client/esp_websocket_client.c
+++ b/components/esp_websocket_client/esp_websocket_client.c
@@ -320,8 +320,31 @@ esp_websocket_client_handle_t esp_websocket_client_init(const esp_websocket_clie
 ESP_WS_CLIENT_MEM_CHECK(TAG, ssl, goto _websocket_init_fail);
 esp_transport_set_default_port(ssl, WEBSOCKET_SSL_DEFAULT_PORT);
- if (config->cert_pem) {
- esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
+ if (config->use_global_ca_store == true) {
+ esp_transport_ssl_enable_global_ca_store(ssl);
+ } else if (config->cert_pem) {
+ if (!config->cert_len) {
+ esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
+ } else {
+ esp_transport_ssl_set_cert_data_der(ssl, config->cert_pem, config->cert_len);
+ }
+ }
+ if (config->client_cert) {
+ if (!config->client_cert_len) {
+ esp_transport_ssl_set_client_cert_data(ssl, config->client_cert, strlen(config->client_cert));
+ } else {
+ esp_transport_ssl_set_client_cert_data_der(ssl, config->client_cert, config->client_cert_len);
+ }
+ }
+ if (config->client_key) {
+ if (!config->client_key_len) {
+ esp_transport_ssl_set_client_key_data(ssl, config->client_key, strlen(config->client_key));
+ } else {
+ esp_transport_ssl_set_client_key_data_der(ssl, config->client_key, config->client_key_len);
+ }
+ }
+ if (config->skip_cert_common_name_check) {
+ esp_transport_ssl_skip_common_name_check(ssl);
 }
 esp_transport_list_add(client->transport_list, ssl, "_ssl"); // need to save to transport list, for cleanup
diff --git a/components/esp_websocket_client/include/esp_websocket_client.h b/components/esp_websocket_client/include/esp_websocket_client.h
index 55a580a9e7..62a0d53f09 100644
--- a/components/esp_websocket_client/include/esp_websocket_client.h
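Review bot: `client_cert` and `client_key` are configured independently in the two new `if (config->client_cert)` / `if (config->client_key)` blocks, although the header documents that each requires the other, so a config with only one of them is accepted at init and fails later in the TLS handshake with a far less obvious error, even though `goto _websocket_init_fail` is already the error path here. `esp_transport_ssl_skip_common_name_check(ssl)` is also applied silently; since it removes hostname binding from server verification (any certificate chaining to a trusted CA is then accepted for any host), it deserves a runtime warning so the weakened configuration is visible in logs. Minor style: `config->use_global_ca_store == true` should simply be `config->use_global_ca_store`. The body of esp_websocket_client_init continues outside the hunk.
```c
        esp_transport_set_default_port(ssl, WEBSOCKET_SSL_DEFAULT_PORT);
        if ((config->client_cert == NULL) != (config->client_key == NULL)) {
            ESP_LOGE(TAG, "client_cert and client_key must be provided together");
            goto _websocket_init_fail;
        }
        // … unchanged: use_global_ca_store / cert_pem / client_cert / client_key setup …
        if (config->skip_cert_common_name_check) {
            ESP_LOGW(TAG, "Server certificate common-name check disabled by configuration");
            esp_transport_ssl_skip_common_name_check(ssl);
        }
```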
+++ b/components/esp_websocket_client/include/esp_websocket_client.h 
@@ -81,14 +81,20 @@ typedef struct {
 int task_prio; /*!< Websocket task priority */
 int task_stack; /*!< Websocket task stack */
 int buffer_size; /*!< Websocket buffer size */
- const char *cert_pem; /*!< SSL Certification, PEM format as string, if the client requires to verify server */
+ const char *cert_pem; /*!< Pointer to certificate data in PEM or DER format for server verify (with SSL), default is NULL, not required to verify the server. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in cert_len. */
+ size_t cert_len; /*!< Length of the buffer pointed to by cert_pem. May be 0 for null-terminated pem */
+ const char *client_cert; /*!< Pointer to certificate data in PEM or DER format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_key` has to be provided. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in client_cert_len. */
+ size_t client_cert_len; /*!< Length of the buffer pointed to by client_cert. May be 0 for null-terminated pem */
+ const char *client_key; /*!< Pointer to private key data in PEM or DER format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_cert` has to be provided. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in client_key_len */
+ size_t client_key_len; /*!< Length of the buffer pointed to by client_key_pem. May be 0 for null-terminated pem */
 esp_websocket_transport_t transport; /*!< Websocket transport type, see `esp_websocket_transport_t */
 char *subprotocol; /*!< Websocket subprotocol */
 char *user_agent; /*!< Websocket user-agent */
 char *headers; /*!< Websocket additional headers */
 int pingpong_timeout_sec; /*!< Period before connection is aborted due to no PONGs received */
 bool disable_pingpong_discon; /*!< Disable auto-disconnect due to no PONG received within pingpong_timeout_sec */
-
+ bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
+ bool skip_cert_common_name_check;/*!< Skip any validation of server certificate CN field */
 } esp_websocket_client_config_t;
 /**
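Review bot: The new `client_key_len` comment refers to `client_key_pem`, a field that does not exist in this struct; it should read `/*!< Length of the buffer pointed to by client_key. May be 0 for null-terminated pem */`. The `use_global_ca_store` comment should state the precedence the implementation gives it, where the global store is used instead of `cert_pem` when both are set, e.g. `/*!< Use the global ca_store for this connection; takes precedence over cert_pem */`. The `skip_cert_common_name_check` comment should name the consequence rather than only the mechanism, e.g. `/*!< Skip validation of the server certificate CN/hostname; the server is then authenticated only by chain of trust, not by identity */`. The `cert_pem` wording "not required to verify the server" is ambiguous about what happens when it is NULL and `use_global_ca_store` is unset (presumably no server verification at all) and should say so explicitly. The struct definition opens before the start of the hunk.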