From cf0a969a65b9a3772d01a63d32de404a0e9c5202 Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Thu, 25 May 2017 18:05:18 +0100
Subject: [PATCH] ESP8266 and ESP32 build image updates

ESP32: 2.0-r6
ESP8266: 2.0.0-1.5.0-r5

This brings updated mbedTLS with support for on-disk CA chains:
https://github.com/cesanta/mbedtls/compare/esp32_2.0-r5...esp32_2.0-r6

ESP8266 gets bigger rollup (ESP32 got those changes earlier, seems ok):
https://github.com/cesanta/mbedtls/compare/esp8266...esp8266_2.0.0-1.5.0-r5

Saves ~1.5K RAM for now, but will allow adding more roots to ca.pem without wasting RAM.

Refactored docker build for ESP8266 in the same way as was done earlier for ESP32.

PUBLISHED_FROM=db8eb0f91875d02266a8baaf1141c0d65eb59674
---
 mongoose.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/mongoose.c b/mongoose.c
index aaadc2ba8..dc8170d6d 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4602,6 +4602,12 @@ static void mg_ssl_if_mbed_free_certs_and_keys(struct mg_ssl_if_ctx *ctx) {
 }
 if (ctx->ca_cert != NULL) {
 mbedtls_ssl_conf_ca_chain(ctx->conf, NULL, NULL);
+#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
+ if (ctx->ca_cert->ca_chain_file != NULL) {
+ MG_FREE((void *) ctx->ca_cert->ca_chain_file);
+ ctx->ca_cert->ca_chain_file = NULL;
+ }
+#endif
 mbedtls_x509_crt_free(ctx->ca_cert);
 MG_FREE(ctx->ca_cert);
 ctx->ca_cert = NULL;
@@ -4687,9 +4693,16 @@ static enum mg_ssl_if_result mg_use_ca_cert(struct mg_ssl_if_ctx *ctx,
 }
 ctx->ca_cert = (mbedtls_x509_crt *) MG_CALLOC(1, sizeof(*ctx->ca_cert));
 mbedtls_x509_crt_init(ctx->ca_cert);
+#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
+ ca_cert = strdup(ca_cert);
+ if (mbedtls_x509_crt_set_ca_chain_file(ctx->ca_cert, ca_cert) != 0) {
+ return MG_SSL_ERROR;
+ }
+#else
 if (mbedtls_x509_crt_parse_file(ctx->ca_cert, ca_cert) != 0) {
 return MG_SSL_ERROR;
 }
+#endif
 mbedtls_ssl_conf_ca_chain(ctx->conf, ctx->ca_cert, NULL);
 mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 return MG_SSL_OK;
-- 
GitLab
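Review bot: `ca_cert = strdup(ca_cert);` in the mg_use_ca_cert hunk is unchecked, so an allocation failure hands NULL to mbedtls_x509_crt_set_ca_chain_file, and when that call returns non-zero the copy is leaked because nothing releases it before `return MG_SSL_ERROR;` (assuming mbedTLS does not take ownership on failure, which I cannot confirm from here). The copy is made with libc strdup but released with `MG_FREE` in the mg_ssl_if_mbed_free_certs_and_keys hunk, while the same block allocates the context with `MG_CALLOC`; if the MG_ allocator family is ever overridden the two sides will not match, and strdup is also POSIX rather than ISO C on a file that targets several toolchains. I would allocate the copy through the MG_ family (MG_MALLOC plus memcpy of strlen+1 bytes), add `if (ca_cert == NULL) return MG_SSL_ERROR;`, and put `MG_FREE((void *) ca_cert);` before the error return in the set_ca_chain_file branch. Both enclosing functions start before their hunks.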