This port employs IDF port of OpenSSL for most common features, others
are discouraged or not supported. The port also introduces several stubs
for OpenSSL functions which ASIO needs to get compiled and linked.
Upstream ASIO supports WolfSSL as SSL/TLS stack, as well, which is
another option for SSL support in ASIO on ESP platform.
This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors. Since none of them are supported, the set / clear
accessor currently always does nothing and returns error.
This call is often part of the generic openssl user code to
set up certificate verification. This patch allows it to
compile for ESP32 and decide at runtime what to do about
unsupported flags.
Merges https://github.com/espressif/esp-idf/pull/980
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.
The API takes an X509_VERIFY_PARAM pointer. We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.
The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.
This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg
X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);
Merges https://github.com/espressif/esp-idf/pull/980
This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM. We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.
Part of https://github.com/espressif/esp-idf/pull/980
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert
According these, our coders and customers may use and debug the OpenSSL code easily.
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version
Fixes http://esp32.com/viewtopic.php?f=14&t=696.
New makefile component_wrapper.mk allows some variables to be set
before component.mk is evaluated. This properly fixes problems with
sdkconfig being hard to access in all phases of the build.
Including component_common.mk is no longer necessary and will print a
deprecation warning for components which use it.
1. change the description of Makefile.projbuild
2. remove the license header in the API document
3. add private inlcuding header code in the components file