The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.
Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.
Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
* 0 = do not require Phase 2 authentication
* 1 = require Phase 2 authentication when client certificate
(private_key/client_cert) is no used and TLS session resumption was
not used (default)
* 2 = require Phase 2 authentication in all cases
As pointed out in PR #13134 by @MatthiasKunnen, there is a deadlock in
`s_i2c_synchronous_transaction()` if `s_i2c_transaction_start()` should fail
because, on error, s_i2c_synchronous_transaction() returns before releasing the
lock.
This commit fixes the deadlock without any other changes.
Closes: #13387
Signed-off-by: Eric Wheeler <esp-idf@z.ewheeler.org>
doc(rmt): clarification on payload memory management and isr latency impact
Closes IDFGH-10396 and IDFGH-12068
See merge request espressif/esp-idf!24755
This commit adds the ability to use LP ROM functions from the LP core.
This allows the LP core code to utilize standard functions such as those
for printing from the LP ROM and therefore help reduce the code size on
the LP core.
This commit updates the dependency for
CONFIG_FREERTOS_TASK_FUNCTION_WRAPPER to be dependent explicitly on
CONFIG_ESP_SYSTEM_PANIC_GDBSTUB or CONFIG_ESP_SYSTEM_GDBSTUB_RUNTIME
instead of CONFIG_ESP_GDBSTUB_ENABLED which caused FreeRTOS Task
Function Wrappers to be enabled even if the esp_gdbstub component was
part of the build.
feat(esp_hw_support): esp32p4 sleep support (Stage 1: support basic pmu sleep function 💤)
Closes IDF-7528 and IDF-7527
See merge request espressif/esp-idf!28196