alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(esp_wifi): Enable Server certificate validation when using mbedtls TLS v1.3

Browse Source 
In TLS v1.2, It was possible to disable server certificate validation simply by using
API 'mbedtls_ssl_conf_authmode'. But this behaviour is changed in TLS v1.3. We can not
disable server certificate validation in TLS v1.3 using this API anymore.

For more details, refer https://github.com/Mbed-TLS/mbedtls/issues/7075
This commit is contained in:
Sarvesh Bodakhe 2023-11-11 13:37:30 +05:30
parent ec09cdf885
commit 5ce95cae91
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
View File

@ -57,10 +57,17 @@ static const char *TAG = "example";
To embed it in the app binary, the PEM, CRT and KEY file is named
in the component.mk COMPONENT_EMBED_TXTFILES variable.
*/
#ifdef CONFIG_EXAMPLE_VALIDATE_SERVER_CERT
#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) || \
defined(CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) || \
defined(CONFIG_ESP_WIFI_EAP_TLS1_3)
#define SERVER_CERT_VALIDATION_ENABLED
#endif
#ifdef SERVER_CERT_VALIDATION_ENABLED
extern uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
extern uint8_t ca_pem_end[] asm("_binary_ca_pem_end");
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */
#endif /* SERVER_CERT_VALIDATION_ENABLED */
#ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
extern uint8_t client_crt_start[] asm("_binary_client_crt_start");
@ -88,9 +95,9 @@ static void event_handler(void* arg, esp_event_base_t event_base,
static void initialise_wifi(void)
{
#ifdef CONFIG_EXAMPLE_VALIDATE_SERVER_CERT
#ifdef SERVER_CERT_VALIDATION_ENABLED
unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */
#endif /* SERVER_CERT_VALIDATION_ENABLED */
#ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
unsigned int client_crt_bytes = client_crt_end - client_crt_start;
@ -123,11 +130,9 @@ static void initialise_wifi(void)
ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
ESP_ERROR_CHECK(esp_eap_client_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) || \
defined(CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
#ifdef SERVER_CERT_VALIDATION_ENABLED
ESP_ERROR_CHECK(esp_eap_client_set_ca_cert(ca_pem_start, ca_pem_bytes) );
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */
#endif /* SERVER_CERT_VALIDATION_ENABLED */
#ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
ESP_ERROR_CHECK(esp_eap_client_set_certificate_and_key(client_crt_start, client_crt_bytes,