Cert bundle is periodically updated with the upstream Mozilla's NSS
root cert store. Retracted certs are moved to deprecated list now and
an additional config allows to include them in the default bundle. New
config is kept default disabled but can be enabled if one would like
to ensure 100% compatibility w.r.t. cert bundle across IDF minor or
patch releases. In IDF major release the deprecated list shall be reset.
Previously with HTTPD_SSL_CONFIG_DEFAULT being a MACRO, the
configuration options could not be applied to it. This was casuing
error in multiple scenarios. For e.g., here user_cert_cb is a part
of httpd_ssl_config_t which this macro defines. But the type of
user_cert_cb (esp_tls_server_callback_t) is only available when it is enabled
in esp-tls. The MACRO however cannot be modified to set the defaults
based on configuration option. This fix solves the issue without
breaking the compatibility
* All components which won't build (yet) on Linux are excluded.
This enables switching to Linux in an application without
explicitly setting COMPONENTS to main in the main
CMakeLists.txt.
* ESP Timer provides headers for Linux now
* automatically disabling LWIP in Kconfig if it is not available
doc(linux): brought section
"Component Linux/Mock Support Overview" up to date
Protocol examples used to raise an error if the target was not set
and `idf.py build` command was used. This commit fix this error
and when IDF_TARGET is not set, ESP32 is selected as default target
For ESP certificate bundle case, the certificate failure error from
underlying TLS stack was not being tracked. Added the fix and also
updated example code showcasing how to retrieve it.
Closes https://github.com/espressif/esp-idf/issues/12034
1. Fix potential out-of-bounds access when calling `strlen(local_response_buffer)`
if `content_length` is greater than or equal to the length of `local_response_buffer`
due to missing the terminator `\0` at the last character position.
2. Fix the residual data issue when the previous request is longer than the subsequent
request while outputting the `local_response_buffer` for each request in the
`http_rest_with_url()` function.
Signed-off-by: Harshit Malpani <harshit.malpani@espressif.com>
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphersuite support
seems to be removed from howsmyssl.com. Add more ciphersuites in
server_supported_ciphersuites in https_request example to fix failures
while connecting to howsmyssl.
Fix build issue in mbedTLS dynamic buffer feature with
`CONFIG_MBEDTLS_DHM_C` enabled case. Also added a build
configuration for the test coverage.
Closes https://github.com/espressif/esp-idf/issues/11770
Fix unsigned integer overflow when `content_length` is -1.
The proposed change is to modify the format specifier for content_length from PRIu64 to PRId64, which will print the signed value as a 64-bit integer instead.
