diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 517e95b962..3c6b08c648 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -300,12 +300,10 @@ esp_err_t esp_http_client_set_username(esp_http_client_handle_t client, const ch
 ESP_LOGE(TAG, "client must not be NULL");
 return ESP_ERR_INVALID_ARG;
 }
- if (username == NULL && client->connection_info.username != NULL) {
+ if (client->connection_info.username != NULL) {
 free(client->connection_info.username);
- client->connection_info.username = NULL;
- } else if (username != NULL) {
- client->connection_info.username = strdup(username);
 }
+ client->connection_info.username = username ? strdup(username) : NULL;
 return ESP_OK;
 }
@@ -325,13 +323,21 @@ esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *pa
 ESP_LOGE(TAG, "client must not be NULL");
 return ESP_ERR_INVALID_ARG;
 }
- if (password == NULL && client->connection_info.password != NULL) {
+ if (client->connection_info.password != NULL) {
 memset(client->connection_info.password, 0, strlen(client->connection_info.password));
 free(client->connection_info.password);
- client->connection_info.password = NULL;
- } else if (password != NULL) {
- client->connection_info.password = strdup(password);
 }
+ client->connection_info.password = password ? strdup(password) : NULL;
+ return ESP_OK;
+}
+
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type)
+{
+ if (client == NULL) {
+ ESP_LOGE(TAG, "client must not be NULL");
+ return ESP_ERR_INVALID_ARG;
+ }
+ client->connection_info.auth_type = auth_type;
 return ESP_OK;
 }
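Review bot: The new assignment `client->connection_info.username = username ? strdup(username) : NULL;` in esp_http_client_set_username does not check the strdup() result, so an allocation failure leaves the stored username NULL while the function still returns ESP_OK and the caller believes the credential is set. Make the copy first and fail before touching the old value: `char *copy = username ? strdup(username) : NULL;` then `if (username && !copy) return ESP_ERR_NO_MEM;`. Copying before the free() also protects a caller that passes back the pointer it obtained from the getter, which the current free-then-strdup order would read after it was freed (the getter body is not visible here, so confirm it returns the stored pointer). The password assignment in the next hunk has the same two problems. The function body starts above this hunk.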
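Review bot: In esp_http_client_set_password the stored password is now wiped with `memset(..., 0, strlen(...))` on every change, directly before `free()`, and a compiler may drop a store to memory that is about to be freed, so the wipe can disappear at higher optimisation levels. Route it through a small static helper that writes via a `volatile unsigned char *`, or through a secure-zero routine if the project already provides one. Separately, the new esp_http_client_set_authtype stores `auth_type` without checking that it is one of the enum's values; rejecting anything else with ESP_ERR_INVALID_ARG would match the return codes the header documents. The body of set_password starts above the hunk.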
@@ -657,6 +663,7 @@ static esp_err_t esp_http_check_response(esp_http_client_handle_t client)
 switch (client->response->status_code) {
 case HttpStatus_MovedPermanently:
 case HttpStatus_Found:
+ case HttpStatus_TemporaryRedirect:
 esp_http_client_set_redirection(client);
 client->redirect_counter ++;
 client->process_again = 1;
diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
index 2f35fc9754..8d9243a0ba 100644
--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
@@ -131,6 +131,7 @@ typedef enum {
 /* 3xx - Redirection */
 HttpStatus_MovedPermanently = 301,
 HttpStatus_Found = 302,
+ HttpStatus_TemporaryRedirect = 307,
 /* 4xx - Client Error */
 HttpStatus_Unauthorized = 401
@@ -306,6 +307,18 @@ esp_err_t esp_http_client_get_password(esp_http_client_handle_t client, char **v
 */
 esp_err_t esp_http_client_set_password(esp_http_client_handle_t client, char *password);
+/**
+ * @brief Set http request auth_type.
+ *
+ * @param[in] client The esp_http_client handle
+ * @param[in] auth_type The esp_http_client auth type
+ *
+ * @return
+ * - ESP_OK
+ * - ESP_ERR_INVALID_ARG
+ */
+esp_err_t esp_http_client_set_authtype(esp_http_client_handle_t client, esp_http_client_auth_type_t auth_type);
+
 /**
 * @brief Set http request method
 *
diff --git a/components/esp_https_ota/src/esp_https_ota.c b/components/esp_https_ota/src/esp_https_ota.c
index a6c993e0c2..c5c80c5517 100644
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -47,6 +47,7 @@ static bool process_again(int status_code)
 switch (status_code) {
 case HttpStatus_MovedPermanently:
 case HttpStatus_Found:
+ case HttpStatus_TemporaryRedirect:
 case HttpStatus_Unauthorized:
 return true;
 default:
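Review bot: `case HttpStatus_TemporaryRedirect:` in esp_http_check_response shares the 301/302 path, but a 307 requires the request to be repeated with the original method and body, and nothing in this hunk shows the body being re-sent once `process_again` is set. It is also not visible here whether esp_http_client_set_redirection discards the stored username, password and any Authorization header when the Location names a different host; if it keeps them, following the redirect delivers the credentials to whatever host the server chose. Please confirm both and record the result in a comment above the case, e.g. `/* 307: same method and body; see set_redirection for credential handling */`. The two esp_https_ota.c hunks (process_again and _http_handle_response_code) accept 307 in the same way, so a firmware download follows it as well. The switch continues outside the hunk.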
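Review bot: The doc comment added in esp_http_client.h for esp_http_client_set_authtype does not say when ESP_ERR_INVALID_ARG is returned or which values `auth_type` takes. Suggest `- ESP_ERR_INVALID_ARG if client is NULL` and, on the parameter line, `One of the esp_http_client_auth_type_t values`. A short `@note` that Basic authentication sends the credentials only base64-encoded, so it belongs on an HTTPS connection, would help a user choosing a type.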
@@ -58,7 +59,7 @@ static bool process_again(int status_code)
 static esp_err_t _http_handle_response_code(esp_http_client_handle_t http_client, int status_code)
 {
 esp_err_t err;
- if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found) {
+ if (status_code == HttpStatus_MovedPermanently || status_code == HttpStatus_Found || status_code == HttpStatus_TemporaryRedirect) {
 err = esp_http_client_set_redirection(http_client);
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "URL redirection Failed");
diff --git a/components/freertos/test/test_freertos_mutex.c b/components/freertos/test/test_freertos_mutex.c
index 51697984e7..11c761dded 100644
--- a/components/freertos/test/test_freertos_mutex.c
+++ b/components/freertos/test/test_freertos_mutex.c
@@ -12,7 +12,7 @@ static void mutex_release_task(void* arg)
 TEST_FAIL_MESSAGE("should not be reached");
 }
-TEST_CASE("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
+TEST_CASE_ESP32("mutex released not by owner causes an assert", "[freertos][reset=abort,SW_CPU_RESET]")
 {
 SemaphoreHandle_t mutex = xSemaphoreCreateMutex();
 xSemaphoreTake(mutex, portMAX_DELAY);
diff --git a/components/freertos/test/test_task_suspend_resume.c b/components/freertos/test/test_task_suspend_resume.c
index 5dfb77b740..8fba220a2c 100644
--- a/components/freertos/test/test_task_suspend_resume.c
+++ b/components/freertos/test/test_task_suspend_resume.c
@@ -124,7 +124,6 @@ void IRAM_ATTR timer_group0_isr(void *vp_arg)
 {
 // Clear interrupt
 timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_0);
- timer_group_clr_intr_status_in_isr(TIMER_GROUP_0, TIMER_1);
 timer_isr_fired = true;
 TaskHandle_t handle = vp_arg;
@@ -170,6 +169,7 @@ static void test_resume_task_from_isr(int target_core)
 vTaskDelay(1);
+ timer_deinit(TIMER_GROUP_0, TIMER_0);
 TEST_ASSERT_TRUE(timer_isr_fired);
 TEST_ASSERT_TRUE(resumed);
 }
diff --git a/components/freertos/test/test_thread_local.c b/components/freertos/test/test_thread_local.c
index 79ed8bb7b8..cda1a25f02 100644
--- a/components/freertos/test/test_thread_local.c
+++ b/components/freertos/test/test_thread_local.c
@@ -86,7 +86,7 @@ static void task_test_tls(void *arg)
 }
 }
-TEST_CASE("TLS test", "[freertos]")
+TEST_CASE_ESP32("TLS test", "[freertos]")
 {
 const size_t stack_size = 3072;
 StackType_t s_stack[stack_size]; /* with 8KB test task stack (default) this test still has ~3KB headroom */
diff --git a/components/lwip/port/esp32/include/arpa/inet.h b/components/lwip/port/esp32/include/arpa/inet.h
index 90428f687d..94c6c17ed5 100644
--- a/components/lwip/port/esp32/include/arpa/inet.h
+++ b/components/lwip/port/esp32/include/arpa/inet.h
@@ -15,6 +15,6 @@
 #ifndef INET_H_
 #define INET_H_
-#include "../../../lwip/src/include/lwip/inet.h"
+#include "lwip/inet.h"
 #endif /* INET_H_ */
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index f9dd804731..3aaa3dead6 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -601,4 +601,16 @@ menu "mbedTLS"
 # end of Elliptic Curve options
+ menuconfig MBEDTLS_SECURITY_RISKS
+ bool "Show configurations with potential security risks"
+ default n
+
+ config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+ bool "X.509 CRT parsing with unsupported critical extensions"
+ depends on MBEDTLS_SECURITY_RISKS
+ default n
+ help
+ Allow the X.509 certificate parser to load certificates
+ with unsupported critical extensions
+
 endmenu # mbedTLS
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index d971ab8db4..f702ae1d59 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
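Review bot: The help text for MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT in components/mbedtls/Kconfig says what the option does but not why it is filed under MBEDTLS_SECURITY_RISKS. An issuer marks an extension critical to require that verifiers understand it, and RFC 5280 tells a verifier to reject a certificate carrying a critical extension it does not recognise; with this option on, such a certificate can be loaded and whatever constraint the extension expressed is not enforced. Suggest extending the help with `Constraints carried in critical extensions that mbedTLS does not understand are then ignored.` and `Leave this disabled unless your PKI requires it.` The comment added in esp_config.h for MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION lacks the same warning.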
@@ -2214,6 +2214,25 @@
 */
 #define MBEDTLS_X509_CRT_WRITE_C
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * Alow the X509 parser to not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Module: library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This module is supports loading of certificates with extensions that
+ * may not be supported by mbedtls.
+ */
+#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
+#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#else
+#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+
 /**
 * \def MBEDTLS_X509_CSR_WRITE_C
 *
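Review bot: The added comment block has two wording slips that will end up in the generated configuration docs: `Alow` should be `Allow`, and `This module is supports loading` should read `This option supports loading`. The closing paragraph describes a compile-time switch rather than a module, so `option` is the accurate word there.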