From ce321837497bb701d22d3aaf3fcd8e26e310d21f Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Tue, 6 Sep 2022 08:54:04 +0530
Subject: [PATCH] tcp_transport: Add support of setting the common name fot the TLS context
---
 .../tcp_transport/include/esp_transport_ssl.h | 29 ++++++++++---------
 components/tcp_transport/transport_ssl.c | 6 ++++
 tools/ci/check_copyright_ignore.txt | 1 -
 3 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h
index b31e5b4495..30e6db9e65 100644
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@@ -1,16 +1,8 @@
-// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
 #ifndef _ESP_TRANSPORT_SSL_H_
 #define _ESP_TRANSPORT_SSL_H_
@@ -142,6 +134,17 @@ void esp_transport_ssl_set_alpn_protocol(esp_transport_handle_t t, const char **
 */
 void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
+/**
+ * @brief Set the server certificate's common name field
+ *
+ * @note
+ * If non-NULL, server certificate CN must match this name,
+ * If NULL, server certificate CN must match hostname.
+ * @param t ssl transport
+ * common_name A string containing the common name to be set
+ */
+void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *common_name);
+
 /**
 * @brief Set the ssl context to use secure element (atecc608a) for client(device) private key and certificate
 *
diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c
index bd86b37a2c..15753156d2 100644
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
@@ -408,6 +408,12 @@ void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t)
 ssl->cfg.skip_common_name = true;
 }
+void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *common_name)
+{
+ GET_SSL_FROM_TRANSPORT_OR_RETURN(ssl, t);
+ ssl->cfg.common_name = common_name;
+}
+
 #ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT
 void esp_transport_ssl_use_secure_element(esp_transport_handle_t t)
 {
diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt
index ddae9105ce..ee8ade8aac 100644
--- a/tools/ci/check_copyright_ignore.txt
+++ b/tools/ci/check_copyright_ignore.txt
@@ -1260,7 +1260,6 @@ components/spi_flash/test/test_mmap.c
 components/spi_flash/test/test_out_of_bounds_write.c
 components/spi_flash/test/test_partition_ext.c
 components/spi_flash/test/test_spi_flash.c
-components/tcp_transport/include/esp_transport_ssl.h
 components/tcp_transport/include/esp_transport_tcp.h
 components/tcp_transport/include/esp_transport_ws.h
 components/tcp_transport/test/tcp_transport_fixtures.h
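Review bot: The new doc comment for `esp_transport_ssl_set_common_name` in esp_transport_ssl.h leaves the `@param` tag off its second parameter, so Doxygen will read `common_name ...` as a continuation of the description of `t`; the line should be ` * @param common_name A string containing the common name to be set`. The comment also does not say what happens when this setter is combined with `esp_transport_ssl_skip_common_name_check()`, declared just above it. One call relaxes the name check and the other pins it, so a sentence stating which takes effect would keep callers from assuming verification is active when it may not be. The precedence is not visible in this diff and should be confirmed against the TLS layer before it is documented.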
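Review bot: `ssl->cfg.common_name = common_name;` in the transport_ssl.c hunk stores the caller's pointer rather than a copy, so the string has to stay valid for as long as the transport may read it. If the name is only consumed later, at connection time (not visible in this hunk), a caller that passes a stack buffer or frees the string after the call leaves the certificate name check reading stale memory. Either duplicate the string here and release it when the transport is destroyed, or state the contract in the header, e.g. ` * @note The string is not copied; it must remain valid until the transport is destroyed`. Whether the other setters in this file copy their arguments is outside the hunk, so the choice should follow the convention they already use.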