Add esp_tls_init_global_ca_store function to esp-tls, called from esp_tls_set_global_ca_store

Signed-off-by: Chirag Atal <chirag.atal@espressif.com>

Merges https://github.com/espressif/esp-idf/pull/2654
This commit is contained in:
Paul Reimer 2018-11-01 11:11:16 -07:00 committed by bot
parent b173cf2817
commit a1204f8b16
2 changed files with 38 additions and 12 deletions


@ -141,22 +141,33 @@ err_freeaddr:
return ret;
}
esp_err_t esp_tls_init_global_ca_store()
{
if (global_cacert == NULL) {
global_cacert = (mbedtls_x509_crt *)calloc(1, sizeof(mbedtls_x509_crt));
if (global_cacert == NULL) {
ESP_LOGE(TAG, "global_cacert not allocated");
return ESP_ERR_NO_MEM;
}
mbedtls_x509_crt_init(global_cacert);
}
return ESP_OK;
}
esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes)
{
int ret;
if (cacert_pem_buf == NULL) {
ESP_LOGE(TAG, "cacert_pem_buf is null");
return ESP_ERR_INVALID_ARG;
}
if (global_cacert != NULL) {
mbedtls_x509_crt_free(global_cacert);
}
global_cacert = (mbedtls_x509_crt *)calloc(1, sizeof(mbedtls_x509_crt));
if (global_cacert == NULL) {
ESP_LOGE(TAG, "global_cacert not allocated");
return ESP_ERR_NO_MEM;
ret = esp_tls_init_global_ca_store();
if (ret != ESP_OK) {
return ret;
}
}
mbedtls_x509_crt_init(global_cacert);
int ret = mbedtls_x509_crt_parse(global_cacert, cacert_pem_buf, cacert_pem_bytes);
ret = mbedtls_x509_crt_parse(global_cacert, cacert_pem_buf, cacert_pem_bytes);
if (ret < 0) {
ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
mbedtls_x509_crt_free(global_cacert);
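Review bot: `esp_tls_init_global_ca_store()` is defined with empty parentheses, which in C declares a function with an unspecified argument list rather than no arguments; write it as `esp_err_t esp_tls_init_global_ca_store(void)` here and in the matching prototype in the header. On the parse-failure path the new code still calls `mbedtls_x509_crt_free(global_cacert)` but leaves the pointer set, and because the new init routine only allocates when `global_cacert == NULL`, the lines that follow must either free and null the pointer or re-init the struct — esp_tls_set_global_ca_store continues outside the hunk, so it is not visible whether they do. If the `if (global_cacert != NULL) { mbedtls_x509_crt_free(global_cacert); }` block is kept on the new side, the init call that follows finds a non-NULL pointer and skips allocation, so every call resets the store rather than extending it, which contradicts the header's "add the certificates in the provided buffer to the certificate chain"; decide which behaviour is intended and state it in a comment above that block. `ret` is declared `int` but now receives an `esp_err_t` and is compared with `ESP_OK`; declaring it `esp_err_t ret;` and keeping a separate `int` for the mbedtls return keeps the two error spaces apart.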


@ -260,10 +260,25 @@ void esp_tls_conn_delete(esp_tls_t *tls);
size_t esp_tls_get_bytes_avail(esp_tls_t *tls);
/**
* @brief Create a global CA store with the buffer provided in cfg.
* @brief Create a global CA store, initially empty.
*
* This function should be called if the application wants to use the same CA store for
* multiple connections. The application must call this function before calling esp_tls_conn_new().
* This function should be called if the application wants to use the same CA store for multiple connections.
* This function initialises the global CA store which can be then set by calling esp_tls_set_global_ca_store().
* To be effective, this function must be called before any call to esp_tls_set_global_ca_store().
*
* @return
* - ESP_OK if creating global CA store was successful.
* - ESP_ERR_NO_MEM if an error occured when allocating the mbedTLS resources.
*/
esp_err_t esp_tls_init_global_ca_store();
/**
* @brief Set the global CA store with the buffer provided in pem format.
*
* This function should be called if the application wants to set the global CA store for
* multiple connections i.e. to add the certificates in the provided buffer to the certificate chain.
* This function implicitly calls esp_tls_init_global_ca_store() if it has not already been called.
* The application must call this function before calling esp_tls_conn_new().
*
* @param[in] cacert_pem_buf Buffer which has certificates in pem format. This buffer
* is used for creating a global CA store, which can be used
@ -271,7 +286,7 @@ size_t esp_tls_get_bytes_avail(esp_tls_t *tls);
* @param[in] cacert_pem_bytes Length of the buffer.
*
* @return
* - ESP_OK if creating global CA store was successful.
* - ESP_OK if adding certificates was successful.
* - Other if an error occured or an action must be taken by the calling process.
*/
esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const unsigned int cacert_pem_bytes);
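Review bot: The new comments disagree about call order: the init doc says this function "must be called before any call to esp_tls_set_global_ca_store()", while the set doc says it "implicitly calls esp_tls_init_global_ca_store() if it has not already been called". Drop the first sentence or rephrase it as `Calling this explicitly is only needed to start from an empty store; esp_tls_set_global_ca_store() calls it on demand.` The prototype should be `esp_err_t esp_tls_init_global_ca_store(void);`, since empty parentheses in a C declaration disable argument checking. Both @return lists spell "occured"; it should be "occurred". The documentation also does not say whether the global store may be modified while connections created from it are open or from more than one task; a one-line note on ownership and thread-safety would help callers.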