Commit cf0a969a authored by Deomid Ryabkov Committed by Cesanta Bot

ESP8266 and ESP32 build image updates

ESP32: 2.0-r6
ESP8266: 2.0.0-1.5.0-r5

This brings updated mbedTLS with support for on-disk CA chains:
https://github.com/cesanta/mbedtls/compare/esp32_2.0-r5...esp32_2.0-r6
ESP8266 gets bigger rollup (ESP32 got those changes earlier, seems ok):
https://github.com/cesanta/mbedtls/compare/esp8266...esp8266_2.0.0-1.5.0-r5

Saves ~1.5K RAM for now, but will allow adding more roots to ca.pem without wasting RAM.

Refactored docker build for ESP8266 in the same way as was done earlier for ESP32.

PUBLISHED_FROM=db8eb0f91875d02266a8baaf1141c0d65eb59674
parent 06670d34
...@@ -4602,6 +4602,12 @@ static void mg_ssl_if_mbed_free_certs_and_keys(struct mg_ssl_if_ctx *ctx) { ...@@ -4602,6 +4602,12 @@ static void mg_ssl_if_mbed_free_certs_and_keys(struct mg_ssl_if_ctx *ctx) {
} }
if (ctx->ca_cert != NULL) { if (ctx->ca_cert != NULL) {
mbedtls_ssl_conf_ca_chain(ctx->conf, NULL, NULL); mbedtls_ssl_conf_ca_chain(ctx->conf, NULL, NULL);
#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
if (ctx->ca_cert->ca_chain_file != NULL) {
MG_FREE((void *) ctx->ca_cert->ca_chain_file);
ctx->ca_cert->ca_chain_file = NULL;
}
#endif
mbedtls_x509_crt_free(ctx->ca_cert); mbedtls_x509_crt_free(ctx->ca_cert);
MG_FREE(ctx->ca_cert); MG_FREE(ctx->ca_cert);
ctx->ca_cert = NULL; ctx->ca_cert = NULL;
...@@ -4687,9 +4693,16 @@ static enum mg_ssl_if_result mg_use_ca_cert(struct mg_ssl_if_ctx *ctx, ...@@ -4687,9 +4693,16 @@ static enum mg_ssl_if_result mg_use_ca_cert(struct mg_ssl_if_ctx *ctx,
} }
ctx->ca_cert = (mbedtls_x509_crt *) MG_CALLOC(1, sizeof(*ctx->ca_cert)); ctx->ca_cert = (mbedtls_x509_crt *) MG_CALLOC(1, sizeof(*ctx->ca_cert));
mbedtls_x509_crt_init(ctx->ca_cert); mbedtls_x509_crt_init(ctx->ca_cert);
#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
ca_cert = strdup(ca_cert);
if (mbedtls_x509_crt_set_ca_chain_file(ctx->ca_cert, ca_cert) != 0) {
return MG_SSL_ERROR;
}
#else
if (mbedtls_x509_crt_parse_file(ctx->ca_cert, ca_cert) != 0) { if (mbedtls_x509_crt_parse_file(ctx->ca_cert, ca_cert) != 0) {
return MG_SSL_ERROR; return MG_SSL_ERROR;
} }
#endif
mbedtls_ssl_conf_ca_chain(ctx->conf, ctx->ca_cert, NULL); mbedtls_ssl_conf_ca_chain(ctx->conf, ctx->ca_cert, NULL);
mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
return MG_SSL_OK; return MG_SSL_OK;
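Review bot: The `strdup(ca_cert)` result in the `MBEDTLS_X509_CA_CHAIN_ON_DISK` branch of mg_use_ca_cert is passed to `mbedtls_x509_crt_set_ca_chain_file` without a NULL check, so an allocation failure on these small-RAM targets hands a NULL path to the TLS library; add `if (ca_cert == NULL) return MG_SSL_ERROR;` right after the copy. The `return MG_SSL_ERROR;` below it also appears to leak the copy unless the setter has already stored the pointer, which is not visible here. The copy comes from libc `strdup` but is released with `MG_FREE` in mg_ssl_if_mbed_free_certs_and_keys, which is only correct if `MG_FREE` maps to `free` in every build; allocating it with `MG_CALLOC` and copying into it would keep the pair consistent. Since the chain is presumably now read from the file when a peer is verified rather than parsed once here, a missing or replaced file would surface only at handshake time, and a comment such as `/* CA file is read lazily; path must stay valid and write-protected */` would record that. Both functions start and end outside the shown hunks.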
......