espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-28 03:23:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(esp_http_server): Allow the https server to request client certs optionally

Browse Source 
Closes https://github.com/espressif/esp-idf/pull/17641
This commit is contained in:
0xFEEDC0DE64
2025-09-23 17:07:05 +02:00
committed by Ashish Sharma
parent 82e525ef3e
commit 2ed84eb04b
22 changed files with 428 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/esp_https_server/include/esp_https_server.h
+16
View File
@@ -91,6 +91,11 @@ struct httpd_ssl_config {
/** CA certificate byte length */
size_t cacert_len;
#ifdef CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
/** Client certificate authentication mode */
bool client_cert_authmode_optional;
#endif // CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
/** Private key */
const uint8_t *prvtkey_pem;
@@ -145,6 +150,16 @@ struct httpd_ssl_config {
typedef struct httpd_ssl_config httpd_ssl_config_t;
/**
* Helper macro for optional client certificate authentication field
*/
#ifdef CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
#define HTTPD_SSL_CONFIG_CLIENT_AUTH_OPTIONAL_INIT \
.client_cert_authmode_optional = false,
#else
#define HTTPD_SSL_CONFIG_CLIENT_AUTH_OPTIONAL_INIT
#endif
/**
* Default config struct init
* Notes:
@@ -188,6 +203,7 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
.servercert_len = 0, \
.cacert_pem = NULL, \
.cacert_len = 0, \
HTTPD_SSL_CONFIG_CLIENT_AUTH_OPTIONAL_INIT \
.prvtkey_pem = NULL, \
.prvtkey_len = 0, \
.use_ecdsa_peripheral = false, \
components/esp_https_server/src/https_server.c
+3
View File
@@ -278,6 +278,9 @@ static esp_err_t create_secure_context(const struct httpd_ssl_config *config, ht
cfg->userdata = config->ssl_userdata;
cfg->alpn_protos = config->alpn_protos;
cfg->tls_handshake_timeout_ms = config->tls_handshake_timeout_ms;
#ifdef CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
cfg->client_cert_authmode_optional = config->client_cert_authmode_optional;
#endif // CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
#if defined(CONFIG_ESP_HTTPS_SERVER_CERT_SELECT_HOOK)
cfg->cert_select_cb = config->cert_select_cb;