OpenSSL component will be discontinued in ESP-IDF v5.x. The only official TLS API will be esp-tls
Add docs warning about deprecation in v5.x
Removed all examples demonstrating usage of openssl in IDF
This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors. Since none of them are supported, the set / clear
accessor currently always does nothing and returns error.
This call is often part of the generic openssl user code to
set up certificate verification. This patch allows it to
compile for ESP32 and decide at runtime what to do about
unsupported flags.
Merges https://github.com/espressif/esp-idf/pull/980
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.
The API takes an X509_VERIFY_PARAM pointer. We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.
The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.
This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg
X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);
Merges https://github.com/espressif/esp-idf/pull/980
This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM. We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.
Part of https://github.com/espressif/esp-idf/pull/980
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert
According these, our coders and customers may use and debug the OpenSSL code easily.
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version
Fixes http://esp32.com/viewtopic.php?f=14&t=696.
1. add SSL session new and free function
2. add SSL session peer cert get and free operation
3. above all, change low-level cert object to be object point not object
1. add empty function to load private key into SSL context
2. add empty function to load certification into SSL context
3. add function to load RSA private key
1. add openssl 'new' and 'free' function
2. add clear unused variate to void warning to appear when compile
3. add internal function 'X509_new' to take the place of 'sk_X509_NAME_new_null' function whitch is openssl stack function