Add esp_tls_init_global_ca_store function to esp-tls #2654
Conversation
…_tls_set_global_ca_store
| @@ -150,13 +163,11 @@ esp_err_t esp_tls_set_global_ca_store(const unsigned char *cacert_pem_buf, const | |||
| if (global_cacert != NULL) { | |||
| mbedtls_x509_crt_free(global_cacert); | |||
| } | |||
There was a problem hiding this comment.
@paulreimer Could you move this global_cacert check and the corresponding free inside the new esp_tls_init_global_ca_store() API at the beginning? And the remove the initial NULL check from there.
There was a problem hiding this comment.
Hi @chiragatal -- I can do this, but then repeated calls to esp_tls_init_global_ca_store() will wipe the store if it was already configured, e.g. you can't run it multiple times. Right now repeated calls to esp_tls_set_global_ca_store will wipe the store, but init is no-op if it is already allocated. Should I change it to the new behaviour?
There was a problem hiding this comment.
esp_tls_free_global_ca_store() is already present. So this looks fine. You need not change the behaviour.
…_tls_set_global_ca_store Signed-off-by: Chirag Atal <chirag.atal@espressif.com> Merges #2654
|
@paulreimer Thanks for your contribution. Change is merged with a1204f8 |
called from
esp_tls_set_global_ca_store. (ifglobal_cacerthas already been initialized, re-initialize it -- same behaviour as before).Having
esp_tls_init_global_ca_storefunction allows allocating the mbedTLS certificate chain, but to manage it directly with mbedTLS APIs (in my use case, I only have der format certs, but I still need the cert chain initialized first, before adding them).