kopia lustrzana https://github.com/espressif/esp-idf
change(esp-tls): make wolfSSL backend send SNI and enable OCSP
Almost all sites these days are virtually hosted, and hence SNI (the Server Name Indication TLS extension) should be enabled by default. In addition, this change enables OCSP (Online Certificate Status Protocol) support for esp-tls clients using the wolfSSL backend. The 3 code lines enable OCSP stapling v1. By default this feature is disabled. (I will send another PR on the esp-wolfssl repository to make it easy to enable.)
pull/13618/head
rodzic
05d3c06c7c
commit
edd260e543
|
@ -310,6 +310,14 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
|
|||
#endif /* CONFIG_WOLFSSL_HAVE_ALPN */
|
||||
}
|
||||
|
||||
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
|
||||
wolfSSL_CTX_EnableOCSPStapling((WOLFSSL_CTX *)tls->priv_ctx );
|
||||
wolfSSL_UseOCSPStapling((WOLFSSL *)tls->priv_ssl, WOLFSSL_CSR_OCSP, 0);
|
||||
wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, 0);
|
||||
#endif
|
||||
|
||||
wolfSSL_CTX_UseSNI(tls->priv_ctx, WOLFSSL_SNI_HOST_NAME, hostname, hostlen);
|
||||
|
||||
wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
|
||||
return ESP_OK;
|
||||
}
|
||||
|
|
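Review bot: All four new wolfSSL calls (`wolfSSL_CTX_EnableOCSPStapling`, `wolfSSL_UseOCSPStapling`, `wolfSSL_CTX_EnableOCSP`, `wolfSSL_CTX_UseSNI`) discard their return value, so if any of them fails the function still returns `ESP_OK` and the handshake proceeds without stapling, revocation checking or SNI, a silent fail-open on a control the build explicitly enabled. Each call should be compared against `WOLFSSL_SUCCESS` and the function should return an error otherwise, as sketched below; the error code shown is a suggestion and should match what the rest of set_client_config, which starts outside this hunk, already returns. `hostlen` is a `size_t` while wolfSSL takes the SNI length as a 16-bit value, so it should be range-checked before the call rather than truncated implicitly. Passing `0` as the options to `wolfSSL_UseOCSPStapling` and `wolfSSL_CTX_EnableOCSP` also requests no nonce and no check-all behaviour; a comment stating that this is deliberate would help the next reader.

```c
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
    /* Fail closed: do not start a handshake if the configured revocation check could not be set up. */
    if (wolfSSL_CTX_EnableOCSPStapling((WOLFSSL_CTX *)tls->priv_ctx) != WOLFSSL_SUCCESS ||
        wolfSSL_UseOCSPStapling((WOLFSSL *)tls->priv_ssl, WOLFSSL_CSR_OCSP, 0) != WOLFSSL_SUCCESS ||
        wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, 0) != WOLFSSL_SUCCESS) {
        return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
    }
#endif

    /* The SNI length is 16 bits wide in wolfSSL; reject anything that would be truncated. */
    if (hostlen > UINT16_MAX ||
        wolfSSL_CTX_UseSNI(tls->priv_ctx, WOLFSSL_SNI_HOST_NAME, hostname, (word16)hostlen) != WOLFSSL_SUCCESS) {
        return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
    }
    /* … unchanged: wolfSSL_set_fd() and return ESP_OK … */
```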