Merge branch 'bugfix/fix_build_failure_with_tls1_3_only' into 'master'

fix: Fixed build errors with TLS 1.3 only configuration See merge request espressif/esp-idf!32090
espressif · Jul 24, 2024 · 3aaac6c · 3aaac6c
2 parents 346f31c + 61d1077
commit 3aaac6c
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -771,7 +771,7 @@ menu "mbedTLS"
 
     config MBEDTLS_SSL_RENEGOTIATION
         bool "Support TLS renegotiation"
-        depends on MBEDTLS_TLS_ENABLED
+        depends on MBEDTLS_TLS_ENABLED && MBEDTLS_SSL_PROTO_TLS1_2
         default y
         help
             The two main uses of renegotiation are (1) refresh keys on long-lived

diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -249,6 +249,7 @@ static uint16_t tls_sig_algs_for_suiteb[] = {
 #endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */
 #endif /* CONFIG_TLSV13 */
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
     MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
@@ -259,6 +260,7 @@ static uint16_t tls_sig_algs_for_suiteb[] = {
     MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
 #endif
 #endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
     MBEDTLS_TLS_SIG_NONE
 };
 
@@ -336,6 +338,7 @@ static uint16_t tls_sig_algs_for_eap[] = {
 #endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 */
 #endif /* CONFIG_TLSV13 */
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_ECDSA_C)
     MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
@@ -364,6 +367,7 @@ static uint16_t tls_sig_algs_for_eap[] = {
     MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1),
 #endif
 #endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
     MBEDTLS_TLS_SIG_NONE
 };
 

diff --git a/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only b/examples/protocols/esp_http_client/sdkconfig.ci.tls13_only
@@ -0,0 +1,14 @@
+CONFIG_EXAMPLE_CONNECT_ETHERNET=y
+CONFIG_EXAMPLE_CONNECT_WIFI=n
+CONFIG_EXAMPLE_USE_INTERNAL_ETHERNET=y
+CONFIG_EXAMPLE_ETH_PHY_IP101=y
+CONFIG_EXAMPLE_ETH_MDC_GPIO=23
+CONFIG_EXAMPLE_ETH_MDIO_GPIO=18
+CONFIG_EXAMPLE_ETH_PHY_RST_GPIO=5
+CONFIG_EXAMPLE_ETH_PHY_ADDR=1
+CONFIG_EXAMPLE_CONNECT_IPV6=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH=y
+CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y
+CONFIG_EXAMPLE_HTTP_ENDPOINT="httpbin.espressif.cn"
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
+CONFIG_MBEDTLS_SSL_PROTO_TLS1_3=y