This commit is contained in:
Frank Mertens 2024-09-20 16:17:15 +05:30 committed by GitHub
commit 1aff4ff23a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions

View File

@ -115,4 +115,12 @@ menu "ESP-TLS"
help
Enable detailed debug prints for wolfSSL SSL library.
config ESP_TLS_OCSP_CHECKALL
bool "Enabled full OCSP checks for ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
default y
help
Enable a fuller set of OCSP checks: checking revocation status of intermediate certificates,
optional fallbacks to CRLs, etc.
endmenu

View File

@ -316,8 +316,12 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
}
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
int ocsp_options = 0;
#ifdef ESP_TLS_OCSP_CHECKALL
ocsp_options |= WOLFSSL_OCSP_CHECKALL;
#endif
/* enable OCSP certificate status check for this TLS context */
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, WOLFSSL_OCSP_CHECKALL)) != WOLFSSL_SUCCESS) {
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, ocsp_options)) != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "wolfSSL_CTX_EnableOCSP failed, returned %d", ret);
return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
}