alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-09-18 18:06:27 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge 3673d82e60 into 3c99557eee

Browse Source
This commit is contained in:
Frank Mertens 2024-09-15 12:46:33 +08:00 committed by GitHub
commit ae447cd4cc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
components/esp-tls/Kconfig
View File

@ -115,4 +115,12 @@ menu "ESP-TLS"
help
Enable detailed debug prints for wolfSSL SSL library.
config ESP_WOLFSSL_OCSP_CHECKALL
bool "Enabled full OCSP checks for wolfSSL"
depends on ESP_TLS_USING_WOLFSSL
default y
help
Enable a fuller set of OCSP checks: checking revocation status of intermediate certificates,
optional fallbacks to CRLs, etc.
endmenu

6
components/esp-tls/esp_tls_wolfssl.c
View File

@ -316,8 +316,12 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
}
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
int ocsp_options = 0;
#ifdef CONFIG_ESP_WOLFSSL_OCSP_CHECKALL
ocsp_options |= WOLFSSL_OCSP_CHECKALL;
#endif
/* enable OCSP certificate status check for this TLS context */
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, WOLFSSL_OCSP_CHECKALL)) != WOLFSSL_SUCCESS) {
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, ocsp_options)) != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "wolfSSL_CTX_EnableOCSP failed, returned %d", ret);
return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
}