From d74f7d2d04c00f452c6ce18f7185e22c65ad7711 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Sun, 4 Apr 2021 13:10:34 +0530
Subject: [PATCH] tcp_transport: Add option to enable crt_bundle for SSL connection
---
 components/tcp_transport/include/esp_transport_ssl.h | 12 ++++++++++--
 components/tcp_transport/transport_ssl.c | 6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h
index d23a725c23..b31e5b4495 100644
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@@ -52,6 +52,16 @@ void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data,
 */
 void esp_transport_ssl_set_cert_data_der(esp_transport_handle_t t, const char *data, int len);
+/**
+ * @brief Enable the use of certification bundle for server verfication for
+ * an SSL connection.
+ * It must be first enabled in menuconfig.
+ *
+ * @param t ssl transport
+ * @param[in] crt_bundle_attach Function pointer to esp_crt_bundle_attach
+ */
+void esp_transport_ssl_crt_bundle_attach(esp_transport_handle_t t, esp_err_t ((*crt_bundle_attach)(void *conf)));
+
 /**
 * @brief Enable global CA store for SSL connection
 *
@@ -141,14 +151,12 @@ void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
 */
 void esp_transport_ssl_use_secure_element(esp_transport_handle_t t);
-
 /**
 * @brief Set the ds_data handle in ssl context.(used for the digital signature operation)
 *
 * @param t ssl transport
 * ds_data the handle for ds data params
 */
-
 void esp_transport_ssl_set_ds_data(esp_transport_handle_t t, void *ds_data);
 /**
diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c
index a1a678404a..e359b390b8 100644
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
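Review bot: The new doc comment for `esp_transport_ssl_crt_bundle_attach` does not say how the bundle combines with the other trust sources this header offers (`esp_transport_ssl_set_cert_data`, `esp_transport_ssl_set_cert_data_der`, the global CA store), and the setter in transport_ssl.c only assigns `cfg.crt_bundle_attach` without touching them. A caller that pins a single CA and also attaches the bundle cannot tell from here which one verifies the server, and the bundle trusts many more roots than a pinned certificate. I would add ` * @note Configure only one trust source per transport; when several are set, esp-tls decides which one is used.` and replace "enabled in menuconfig" with the exact Kconfig symbol (presumably `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`). The brief also misspells "verification" as "verfication".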
@@ -329,6 +329,12 @@ void esp_transport_ssl_use_secure_element(esp_transport_handle_t t)
 ssl->cfg.use_secure_element = true;
 }
+void esp_transport_ssl_crt_bundle_attach(esp_transport_handle_t t, esp_err_t ((*crt_bundle_attach)(void *conf)))
+{
+ GET_SSL_FROM_TRANSPORT_OR_RETURN(ssl, t);
+ ssl->cfg.crt_bundle_attach = crt_bundle_attach;
+}
+
 static int ssl_get_socket(esp_transport_handle_t t)
 {
 transport_esp_tls_t *ssl = ssl_get_context_data(t);
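Review bot: `esp_transport_ssl_crt_bundle_attach` gives the caller no signal when nothing was configured: it returns void, `GET_SSL_FROM_TRANSPORT_OR_RETURN` presumably bails out on a bad handle, and a NULL `crt_bundle_attach` is stored as-is. Since this setter chooses the trust anchors for server verification, a silent no-op deserves at least a log line, e.g. `if (crt_bundle_attach == NULL) { ESP_LOGW(TAG, "crt_bundle_attach is NULL, bundle not attached"); }` (assuming the file's usual `TAG`). The neighbouring `esp_transport_ssl_use_secure_element` follows the same void pattern, so this is a hardening suggestion rather than a regression.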