mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
change(esp-tls): add option to enable/disable the full set of OCSP checks for wolfSSL
parent
6673376297
commit
ba27281c3e
@ -115,4 +115,12 @@ menu "ESP-TLS"
|
|||||||
help
|
help
|
||||||
Enable detailed debug prints for wolfSSL SSL library.
|
Enable detailed debug prints for wolfSSL SSL library.
|
||||||
|
|
||||||
|
config ESP_TLS_OCSP_CHECKALL
|
||||||
|
bool "Enabled full OCSP checks for ESP-TLS"
|
||||||
|
depends on ESP_TLS_USING_WOLFSSL
|
||||||
|
default y
|
||||||
|
help
|
||||||
|
Enable a fuller set of OCSP checks: checking revocation status of intermediate certificates,
|
||||||
|
optional fallbacks to CRLs, etc.
|
||||||
|
|
||||||
endmenu
|
endmenu
|
||||||
|
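Review bot: The help text for `ESP_TLS_OCSP_CHECKALL` says what the option adds but not what is left when it is switched off, which is the security-relevant half for anyone tuning this setting. I would add a sentence such as `If disabled, intermediate certificates are not checked for revocation.`, with the wording to be confirmed against wolfSSL's behaviour without WOLFSSL_OCSP_CHECKALL. The prompt should read `bool "Enable full OCSP checks for ESP-TLS"`. The C code that consumes the option is compiled only under `CONFIG_WOLFSSL_HAVE_OCSP`, so the entry could also depend on that symbol, if it is visible to this Kconfig, to avoid showing an option that has no effect.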
@ -316,8 +316,12 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
|
#ifdef CONFIG_WOLFSSL_HAVE_OCSP
|
||||||
|
int ocsp_options = 0;
|
||||||
|
#ifdef ESP_TLS_OCSP_CHECKALL
|
||||||
|
ocsp_options |= WOLFSSL_OCSP_CHECKALL;
|
||||||
|
#endif
|
||||||
/* enable OCSP certificate status check for this TLS context */
|
/* enable OCSP certificate status check for this TLS context */
|
||||||
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, WOLFSSL_OCSP_CHECKALL)) != WOLFSSL_SUCCESS) {
|
if ((ret = wolfSSL_CTX_EnableOCSP((WOLFSSL_CTX *)tls->priv_ctx, ocsp_options)) != WOLFSSL_SUCCESS) {
|
||||||
ESP_LOGE(TAG, "wolfSSL_CTX_EnableOCSP failed, returned %d", ret);
|
ESP_LOGE(TAG, "wolfSSL_CTX_EnableOCSP failed, returned %d", ret);
|
||||||
return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
|
return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
|
||||||
}
|
}
|
||||||
|
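Review bot: The inner guard `#ifdef ESP_TLS_OCSP_CHECKALL` tests a name without the `CONFIG_` prefix, whereas the Kconfig symbol added in this commit reaches C code as `CONFIG_ESP_TLS_OCSP_CHECKALL`; the outer guard one line above already uses the prefixed form `CONFIG_WOLFSSL_HAVE_OCSP`. Unless the unprefixed macro is defined somewhere outside this hunk, `ocsp_options` stays 0 and `wolfSSL_CTX_EnableOCSP` is called without `WOLFSSL_OCSP_CHECKALL`, even with the option at its default `y`. That silently narrows revocation checking compared with the old call, which always passed the flag. The guard should read `#ifdef CONFIG_ESP_TLS_OCSP_CHECKALL`. set_client_config starts and ends outside the hunk.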