esp-tls: Add changes to the Cert selection callback PR.

components/esp-tls/Kconfig

@@ -59,7 +59,7 @@ menu "ESP-TLS"
 
     config ESP_TLS_SERVER_CERT_SELECT_HOOK
         bool "Certificate selection hook"
-        depends on ESP_TLS_USING_MBEDTLS
+        depends on ESP_TLS_USING_MBEDTLS && ESP_TLS_SERVER
         help
             Ability to configure and use a certificate selection callback during server handshake,
             to select a certificate to present to the client based on the TLS extensions supplied in

components/esp-tls/esp_tls.h

@@ -198,7 +198,6 @@ typedef struct esp_tls_server_session_ticket_ctx {
 #endif
 
 
-#if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
 /**
  * @brief tls handshake callback
  * Can be used to configure per-handshake attributes for the TLS connection.
@@ -209,7 +208,6 @@ typedef struct esp_tls_server_session_ticket_ctx {
  *         or a specific MBEDTLS_ERR_XXX code, which will cause the handhsake to abort
  */
 typedef mbedtls_ssl_hs_cb_t esp_tls_handshake_callback;
-#endif
 
 typedef struct esp_tls_cfg_server {
     const char **alpn_protos;                   /*!< Application protocols required for HTTP2.
@@ -274,13 +272,14 @@ typedef struct esp_tls_cfg_server {
                                                     to free the data associated with this context. */
 #endif
 
+    void *userdata;                             /*!< User data to be added to the ssl context.
+                                                  Can be retrieved by callbacks */
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
     esp_tls_handshake_callback cert_select_cb;  /*!< Certificate selection callback that gets called after ClientHello is processed.
                                                      Can be used as an SNI callback, but also has access to other
                                                      TLS extensions, such as ALPN and server_certificate_type . */
 #endif
 
-    void *userdata; /*!< User data to be add to the ssl context. Can be retrieved by callbacks */
 } esp_tls_cfg_server_t;
 
 /**

components/esp-tls/esp_tls_mbedtls.c

@@ -522,7 +522,7 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
 
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
     if (cfg->cert_select_cb != NULL) {
-        ESP_LOGI(TAG, "Initializing server side certificate selection callback");
+        ESP_LOGI(TAG, "Initializing server side cert selection cb");
         mbedtls_ssl_conf_cert_cb(&tls->conf, cfg->cert_select_cb);
     }
 #endif
@@ -580,9 +580,10 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
     } else {
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
         if (cfg->cert_select_cb == NULL) {
-            ESP_LOGE(TAG, "Missing server certificate and/or key and no certificate selection callback is defined");
+            ESP_LOGE(TAG, "No cert select cb is defined");
         } else {
-            ESP_LOGD(TAG, "Missing server certificate and/or key, but certificate selection callback is defined. Callback MUST ALWAYS call mbedtls_ssl_set_hs_own_cert, or the handshake will abort!");
+            /* At this point Callback MUST ALWAYS call mbedtls_ssl_set_hs_own_cert, or the handshake will abort! */
+            ESP_LOGD(TAG, "Missing server cert and/or key, but cert selection cb is defined.");
             return ESP_OK;
         }
 #else

components/esp_https_server/include/esp_https_server.h

@@ -97,10 +97,8 @@ struct httpd_ssl_config {
     /** User callback for esp_https_server */
     esp_https_server_user_cb *user_cb;
 
-#if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
-    esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
-#endif
     void *ssl_userdata; /*!< user data to add to the ssl context  */
+    esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
 };
 
 typedef struct httpd_ssl_config httpd_ssl_config_t;
@@ -150,6 +148,8 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
     .session_tickets = false,                     \
     .use_secure_element = false,                  \
     .user_cb = NULL,                              \
+    .ssl_userdata = NULL,                         \
+    .cert_select_cb = NULL                        \
 }
 
 /**

components/esp_https_server/src/https_server.c

@@ -200,13 +200,13 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
     }
     esp_tls_cfg_server_t *cfg = (esp_tls_cfg_server_t *)calloc(1, sizeof(esp_tls_cfg_server_t));
     if (!cfg) {
-        goto free_ssl_ctx;
+        goto exit;
     }
 
     if (config->session_tickets) {
         if ( esp_tls_cfg_server_session_tickets_init(cfg) != ESP_OK ) {
             ESP_LOGE(TAG, "Failed to init session ticket support");
-            goto free_cfg;
+            goto exit;
         }
     }
 
@@ -228,7 +228,7 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
             cfg->cacert_bytes = config->cacert_len;
         } else {
             ESP_LOGE(TAG, "Could not allocate memory for client certificate authority");
-            goto free_cfg;
+            goto exit;
         }
     }
 
@@ -241,14 +241,14 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
             cfg->servercert_bytes = config->servercert_len;
         } else {
             ESP_LOGE(TAG, "Could not allocate memory for server certificate");
-            goto free_cacert;
+            goto exit;
         }
     } else {
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
         if (config->cert_select_cb == NULL) {
 #endif
         ESP_LOGE(TAG, "No Server certificate supplied");
-        goto free_cacert;
+        goto exit;
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
         } else {
             ESP_LOGW(TAG, "Server certificate not supplied, make sure to supply it in the certificate selection hook!");
@@ -260,39 +260,36 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
     cfg->use_secure_element = config->use_secure_element;
     if (!cfg->use_secure_element) {
         if (config->prvtkey_pem != NULL && config->prvtkey_len > 0) {
-            cfg->serverkey_buf = (unsigned char *) malloc(config->prvtkey_len);
+            cfg->serverkey_buf = malloc(config->prvtkey_len);
 
             if (cfg->serverkey_buf) {
                 memcpy((char *) cfg->serverkey_buf, config->prvtkey_pem, config->prvtkey_len);
                 cfg->serverkey_bytes = config->prvtkey_len;
             } else {
                 ESP_LOGE(TAG, "Could not allocate memory for server key");
-                goto free_servercert;
+                goto exit;
             }
         } else {
 #if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
             if (config->cert_select_cb == NULL) {
                 ESP_LOGE(TAG, "No Server key supplied and no certificate selection hook is present");
-                goto free_servercert;
+                goto exit;
             } else {
                 ESP_LOGW(TAG, "Server key not supplied, make sure to supply it in the certificate selection hook");
             }
 #else
             ESP_LOGE(TAG, "No Server key supplied");
-            goto free_servercert;
+            goto exit;
 #endif
         }
     }
 
     return ssl_ctx;
 
-free_servercert:
+exit:
     free((void *) cfg->servercert_buf);
-free_cacert:
     free((void *) cfg->cacert_buf);
-free_cfg:
     free(cfg);
-free_ssl_ctx:
     free(ssl_ctx);
     return NULL;
 }