Ashish Sharma 
							
						 
					 
					
						
						
							
						
						605206b69f 
					 
					
						
						
							
							feat(mbedtls): new config to allow weak cert verification  
						
						
						
						
					 
					
						2025-04-16 09:50:24 +08:00 
						 
				 
			
				
					
						
							
							
								Ashish Sharma 
							
						 
					 
					
						
						
							
						
						7578913742 
					 
					
						
						
							
							feat(mbedtls): update to version 3.6.3  
						
						
						
						
					 
					
						2025-04-16 09:50:24 +08:00 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						aece182482 
					 
					
						
						
							
							fix: Fix error logging formatting bug for nano formatting  
						
						Closes https://github.com/espressif/esp-idf/issues/13604  
						
						
					 
					
						2024-04-23 00:02:46 +05:30 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						9274e3e620 
					 
					
						
						
							
							fix(esp-tls): capture errors in error handle  
						
						
						
						
					 
					
						2024-02-14 14:36:14 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						e2d5b323ca 
					 
					
						
						
							
							fix(esp_tls): Fixed client key parsing for ECC key  
						
						Client key parsing for ECC keys was failing as the
    RNG supplied to the key parsing API was uninitialized.
    This commit fixes that behaviour 
						
						
					 
					
						2024-01-23 13:40:57 +08:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						5ce93aa257 
					 
					
						
						
							
							fix(esp_tls): Refactor esp-tls to remove ESP_TLS_SERVER config option  
						
						
						
						
					 
					
						2023-10-26 09:30:13 +00:00 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						27681a5073 
					 
					
						
						
							
							fix(esp-tls): Use TLS 1.2 and TLS 1.3 simultaneously  
						
						This commit fixes the issue with TLS 1.2 connection when TLS 1.3 is
enabled in config. 
						
						
					 
					
						2023-10-23 16:23:10 +05:30 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						692e1a9e61 
					 
					
						
						
							
							feat: ECDSA peripheral while performing http connection with mutual auth  
						
						
						
						
					 
					
						2023-09-08 12:22:41 +05:30 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						200cf10373 
					 
					
						
						
							
							Merge branch 'bugfix/fix_error_while_ota_over_tls_1_3_connection' into 'master'  
						
						fix: fix error while performing OTA over TLS 1.3 connection
Closes IDFGH-10451
See merge request espressif/esp-idf!24847  
						
						
					 
					
						2023-08-16 20:28:19 +08:00 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						29a4b05cba 
					 
					
						
						
							
							Merge branch 'contrib/github_pr_11923' into 'master'  
						
						fix(esp-tls): fix pointer cast and condition for CONFIG_ATECC608A_TCUSTOM (GitHub PR)
Closes IDFGH-10697
See merge request espressif/esp-idf!25348  
						
						
					 
					
						2023-08-16 14:19:46 +08:00 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						11715c5caf 
					 
					
						
						
							
							fix(esp-tls): Retry reads if using session tickets with TLS 1.3  
						
						Fixed the error that occurred while performing OTA upgrades over
TLS 1.3 connection. After handshake is completed, post-handshake message
is received and internal state is changed. While performing mbedtls_ssl_read(),
it checks handshake state and if it is not MBEDTLS_SSL_HANDSHAKE_OVER,
mbedtls_ssl_handshake is called again. 
						
						
					 
					
						2023-08-16 11:26:58 +05:30 
						 
				 
			
				
					
						
							
							
								Alex 
							
						 
					 
					
						
						
							
						
						6704566476 
					 
					
						
						
							
							fix(esp-tls): fix pointer cast and condition for CONFIG_ATECC608A_TCUSTOM  
						
						Closes https://github.com/espressif/esp-idf/pull/11923  
						
						
					 
					
						2023-08-14 16:20:20 +05:30 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						ea3bb21cf7 
					 
					
						
						
							
							fix(esp-tls): fix the certificate check failure logging for cert bundle case  
						
						For ESP certificate bundle case, the certificate failure error from
underlying TLS stack was not being tracked. Added the fix and also
updated example code showcasing how to retrieve it.
Closes https://github.com/espressif/esp-idf/issues/12034  
						
						
					 
					
						2023-08-11 17:27:01 +05:30 
						 
				 
			
				
					
						
							
							
								KonstantinKondrashov 
							
						 
					 
					
						
						
							
						
						e72061695e 
					 
					
						
						
							
							all: Removes unnecessary newline character in logs  
						
						Closes https://github.com/espressif/esp-idf/issues/11465  
						
						
					 
					
						2023-06-09 03:31:21 +08:00 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						b5055b9bfa 
					 
					
						
						
							
							Merge branch 'feature/add_mbedtls_ciphersuites_set_get_api' into 'master'  
						
						esp-tls: Add config and api to set and get ciphersuites list
Closes IDF-7183
See merge request espressif/esp-idf!23320  
						
						
					 
					
						2023-04-28 13:01:59 +08:00 
						 
				 
			
				
					
						
							
							
								yuanjianmin 
							
						 
					 
					
						
						
							
						
						f74447103f 
					 
					
						
						
							
							esp-tls: Add config and api to set and get ciphersuites list  
						
						
						
						
					 
					
						2023-04-27 19:22:27 +08:00 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						7fd1378fbb 
					 
					
						
						
							
							esp_tls: add initial support for TLS 1.3 connection  
						
						
						
						
					 
					
						2023-04-25 17:40:01 +05:30 
						 
				 
			
				
					
						
							
							
								boarchuz 
							
						 
					 
					
						
						
							
						
						0c85f7407e 
					 
					
						
						
							
							fix preprocessor log condition in esp_tls_mbedtls  
						
						
						
						
					 
					
						2023-03-30 14:08:57 +11:00 
						 
				 
			
				
					
						
							
							
								Harshit Malpani 
							
						 
					 
					
						
						
							
						
						43e4383bb7 
					 
					
						
						
							
							esp-tls: fix build error without -Wno-format compile flag when building for Linux target  
						
						
						
						
					 
					
						2023-01-04 11:17:27 +05:30 
						 
				 
			
				
					
						
							
							
								Nathan Phillips 
							
						 
					 
					
						
						
							
						
						057f5cb120 
					 
					
						
						
							
							Distinguish 4 identical log messages  
						
						Say which certificate couldn't be parsed in each one. 
						
						
					 
					
						2022-12-08 10:31:28 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						8ad4de7991 
					 
					
						
						
							
							esp-tls: Add changes to the Cert selection callback PR.  
						
						
						
						
					 
					
						2022-11-03 07:17:05 +00:00 
						 
				 
			
				
					
						
							
							
								Akos Vandra 
							
						 
					 
					
						
						
							
						
						e9e3dc7904 
					 
					
						
						
							
							esp-tls: Add support for the CERTIFICATE SELECTION HOOK. The hook has access to required information so that the application can make a more informed decision on which certificate to serve (such as alpn value, server certificate type, etc.)  
						
						Closes https://github.com/espressif/esp-idf/pull/9833 
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
						
						
					 
					
						2022-11-03 07:17:05 +00:00 
						 
				 
			
				
					
						
							
							
								yuanjianmin 
							
						 
					 
					
						
						
							
						
						ddbe6aa42a 
					 
					
						
						
							
							esp-tls: Fix memory leak in mbedtls ds peripheral when MBEDTLS_THREADING_C enabled  
						
						
						
						
					 
					
						2022-10-13 14:17:42 +08:00 
						 
				 
			
				
					
						
							
							
								Yuan Jian Min 
							
						 
					 
					
						
						
							
						
						9a97cfbffc 
					 
					
						
						
							
							esp-tls: socket will be set to -1 and will not be closed  
						
						Closes https://github.com/espressif/esp-idf/issues/9847  
						
						
					 
					
						2022-09-26 19:15:04 +08:00 
						 
				 
			
				
					
						
							
							
								Laukik Hase 
							
						 
					 
					
						
						
							
						
						6319970ab7 
					 
					
						
						
							
							esp_tls/wpa_supplicant: Updated deprecated mbedtls APIs  
						
						
						
						
					 
					
						2022-08-24 11:59:34 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						2ea419db22 
					 
					
						
						
							
							esp_tls_mbedtls.c: Fix esp-idf integration of esp-cryptoauthlib  
						
						menuconfig option 
						
						
					 
					
						2022-06-03 23:12:11 +05:30 
						 
				 
			
				
					
						
							
							
								Li Jingyi 
							
						 
					 
					
						
						
							
						
						6d58008119 
					 
					
						
						
							
							esp-tls: add api to free client session  
						
						Free session with mbedtls api to avoid mem-leak 
						
						
					 
					
						2022-05-23 16:28:40 +08:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						788c9ddf8d 
					 
					
						
						
							
							esp_tls: Added getter function for esp_tls ssl ctx.  
						
						
						
						
					 
					
						2022-05-11 07:09:34 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						434e74ff73 
					 
					
						
						
							
							esp_tls: Make esp_tls_t as private structure.  
						
						
						
						
					 
					
						2022-05-11 07:09:34 +00:00 
						 
				 
			
				
					
						
							
							
								Laukik Hase 
							
						 
					 
					
						
						
							
						
						d7090b4d52 
					 
					
						
						
							
							https_server: Add config option to min. cert. auth mode  
						
						- Added a config option to set the minimum Certificate Verification
  mode to Optional
- When this option is enabled, the peer (the client) certificate
  is checked by the server, however the handshake continues even if
  verification failed.
- By default, the peer certificate is not checked and ignored by the server.
Closes https://github.com/espressif/esp-idf/issues/8664  
						
						
					 
					
						2022-03-29 08:57:36 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						4c58685c00 
					 
					
						
						
							
							esp_https_server: Enable secure element support.  
						
						Closes https://github.com/espressif/esp-idf/issues/8286  
						
						
					 
					
						2022-03-27 14:35:25 +05:30 
						 
				 
			
				
					
						
							
							
								Laukik Hase 
							
						 
					 
					
						
						
							
						
						f5feb7813e 
					 
					
						
						
							
							mbedtls: Fix build errors related to TLS 1.3  
						
						- Kconfig: Enabled MBEDTLS_HKDF_C by default when TLS 1.3 support is enabled
- esp-tls (mbedtls): Forced client to use TLS 1.3 when TLS 1.3 support is enabled 
						
						
					 
					
						2022-03-03 01:37:10 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						60b167f2d6 
					 
					
						
						
							
							mbedtls-3.1 update: Removed the MBEDTLS_PRIVATE from multiple files after they have been again made public in mbedtls-3.1

* Added `MBEDTLS_ALLOW_PRIVATE_ACCESS` in some files.
						
						
					 
					
						2022-03-03 01:37:10 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						3b71bd7326 
					 
					
						
						
							
							mbedtls-3.0: Fixed ESP32 build issues  
						
- Added MBEDTLS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedtls/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices
- Tests:
  - build_esp_idf_tests_cmake_esp32
  - build_esp_idf_tests_cmake_esp32s2
  - build_esp_idf_tests_cmake_esp32c3
  - build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
  - build_examples_cmake_esp32
  - build_examples_cmake_esp32s2
  - build_examples_cmake_esp32c3
  - build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes
- Tests:
  - build_examples_cmake_esp32
  - build_examples_cmake_esp32s2
  - build_examples_cmake_esp32c3
  - build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2
- Tests:
  - example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example
- Tests:
  - build_examples_cmake_esp32
  - build_examples_cmake_esp32s2
  - build_examples_cmake_esp32c3
  - build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
						
						
					 
					
						2022-03-03 01:37:10 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						45122533e0 
					 
					
						
						
							
							mbedtls-3 update:  
						
1) Fix build issue in mbedtls
2) Skip the public headers check in IDF
3) Update Kconfig Macros
4) Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Don't include check_config.h
9) Add additional error message in esp_blufi_api.h
						
						
					 
					
						2022-03-03 01:37:10 +05:30 
						 
				 
			
				
					
						
							
							
								Laukik Hase 
							
						 
					 
					
						
						
							
						
						1d2b2b5879 
					 
					
						
						
							
							feature: Added user callback for esp_https_server  
						
						- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example
Closes https://github.com/espressif/esp-idf/issues/7479  
						
						
					 
					
						2021-10-11 09:41:01 +05:30 
						 
				 
			
				
					
						
							
							
								Mahavir Jain 
							
						 
					 
					
						
						
							
						
						8b4c0e71a9 
					 
					
						
						
							
							Merge branch 'feature/mbedtls_session_ticket_support' into 'master'  
						
						Feature/mbedtls session ticket support
Closes IDFGH-5288 and IDF-3242
See merge request espressif/esp-idf!14496  
						
						
					 
					
						2021-09-17 09:59:02 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						b4e4b9f20d 
					 
					
						
						
							
							Added support for client session tickets in esp-tls (with mbedtls)  
						
						* client session tickets for individual tls connections are supported
* reorganize the esp-tls error codes.
* Update esp_err_to_name.c
* Fix styling 
						
						
					 
					
						2021-09-15 22:19:04 +05:30 
						 
				 
			
				
					
						
							
							
								Daniel Bahrdt 
							
						 
					 
					
						
						
							
						
						7e886ca9ed 
					 
					
						
						
							
							Implement server session ticket support with mbedtls  
						
						Closes https://github.com/espressif/esp-idf/pull/7048 
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
						
						
					 
					
						2021-09-15 22:19:04 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						c6c2ea975f 
					 
					
						
						
							
							Fix esp_mbedtls_write API  
						
						Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461  
						
						
					 
					
						2021-09-15 21:40:54 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						0e01a22264 
					 
					
						
						
							
							esp_tls_wolfssl: Improved error messages  
						
						
						
						
					 
					
						2021-06-28 14:51:41 +05:30 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						4af1176d15 
					 
					
						
						
							
							esp_tls_mbedtls: Improved the error messages.  
						
						The error message string for error codes is printed when log level is set to debug
						
						
					 
					
						2021-06-28 14:51:41 +05:30 
						 
				 
			
				
					
						
							
							
								Jan Brudny 
							
						 
					 
					
						
						
							
						
						967e057906 
					 
					
						
						
							
							esp-tls, esp_http_client and esp_http_server: update copyright notice  
						
						
						
						
					 
					
						2021-05-31 20:06:09 +08:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						1abdfee3b7 
					 
					
						
						
							
							secure_element: Update esp-cryptoauthlib submodule latest version.  
						
						*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1 
						
						
					 
					
						2021-05-24 07:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						bf513b6f31 
					 
					
						
						
							
							Fix esp_tls: Prevent freeing of global ca store after each connection when dynamic ssl buffers are enabled
						
						
					 
					
						2021-02-25 00:26:13 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						0175c68400 
					 
					
						
						
							
							esp_tls: Fix misplaced parenthesis in esp_tls_mbedtls.c
						
						Fixes one part of -  https://github.com/espressif/esp-idf/issues/6440  
						
						
					 
					
						2021-02-10 02:07:58 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						1a09e16af2 
					 
					
						
						
							
							esp_tls: Fix memory leak when esp-tls server session is deleted  
						
						
						
						
					 
					
						2021-01-21 01:17:23 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						cddb8c29e6 
					 
					
						
						
							
							esp-tls: Fix mem leak when global_ca_store is freed  
						
						
						
						
					 
					
						2021-01-21 01:17:23 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						0841d2bc75 
					 
					
						
						
							
							esp_tls: Add warning if the CA chain provided contains one/more invalid cert
						
						
					 
					
						2021-01-11 03:20:35 +00:00 
						 
				 
			
				
					
						
							
							
								Aditya Patwardhan 
							
						 
					 
					
						
						
							
						
						ca964dfbcc 
					 
					
						
						
							
							esp-tls: Changed default behaviour for esp-tls client (for security purpose)

By default esp-tls client will now return error if no server verify option
is provided, earlier it used to skip the verification by
default.
Added config option to skip server verification by default (for testing
purpose)
Updated required docs
						
						
					 
					
						2021-01-05 07:33:32 +00:00