- Example CA certificates that are used for self-signed client certificates
need to include the Key Usage parameter.
- Python3.13 changed the default context of the SSL context that is
generated using ssl.create_default_context() by enabling the VERIFY_X509_STRICT
flag by default
In this commit, esp_http_server's http_parser scratch is made dynamic.
User is asked to give limit size for header and URI, according to which
scratch buufer allocates memory upto limits
Currently, several example dependencies rely on the fact that all
registered components are added to the build, along with components
specified in common requirements. This results in longer build times
because even unused components must be built. Switch all examples to use
idf_minimal_build to compile only the components actually required by
the example.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Currently, several examples do not explicitly state their component
dependencies, relying instead on the default behavior that includes all
registered components and commonly required ones in the build.
Explicitly adding component dependencies can reduce build time when
set(COMPONENTS main) is used.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Previously with HTTPD_SSL_CONFIG_DEFAULT being a MACRO, the
configuration options could not be applied to it. This was casuing
error in multiple scenarios. For e.g., here user_cert_cb is a part
of httpd_ssl_config_t which this macro defines. But the type of
user_cert_cb (esp_tls_server_callback_t) is only available when it is enabled
in esp-tls. The MACRO however cannot be modified to set the defaults
based on configuration option. This fix solves the issue without
breaking the compatibility
Fix dependency tree so that lwip doesn't depend on any specific network
interface component.
Network interface drivers shall depend on esp_netif.
esp_netif shall depend on lwip (but not on any specific interface
driver) -- it optionally depends on vfs and esp_eth (need ethernet
header for L2/bridge mode)
This updates the minimal supported version of CMake to 3.16, which in turn enables us to use more CMake features and have a cleaner build system.
This is the version that provides most new features and also the one we use in our latest docker image for CI.
- Added a config option to set the minimum Certificate Verification
mode to Optional
- When this option is enabled, the peer (the client) certificate
is checked by the server, however the handshake continues even if
verification failed.
- By default, the peer certificate is not checked and ignored by the server.
Closes https://github.com/espressif/esp-idf/issues/8664
