- esp_tls_mbedtls: require cert when PSA-backed server/client key is set
- esp_tls_mbedtls: drop redundant pk_init/x509_crt_init (calloc handles it)
- psa SE driver: copy callbacks/opaque_key by value (no lifetime coupling)
- psa SE driver: replace atomic CAS with simple null check on register
- psa SE driver: use sig_len from sign callback with bounds validation
- psa SE driver: validate pubkey_len returned by export_pubkey callback
- psa SE driver: check hash sub-alg in RSA PKCS1V15 branch of validate_request
- psa SE driver: align secure_element_register_callbacks doc with value-copy impl
- esp_https_server: initialize server_key in HTTPD_SSL_CONFIG_DEFAULT
- mbedtls: move SECURE_ELEMENT_DRIVER_ENABLED to esp_config.h for parity
with ESP_ECDSA_DRIVER_ENABLED; drop target_compile_definitions
- docs: fix esp_tls_cfg_t -> esp_http_client_config_t cross-reference
- docs: check psa_import_key() status in ESP-TLS PSA example
- hints/error_output: point at CONFIG_MBEDTLS_SECURE_ELEMENT_DRIVER_ENABLED
Add ESP_KEY_SOURCE_BUFFER and ESP_KEY_SOURCE_PSA key sources so all
hardware backends (DS, ECDSA, secure element) are accessed via PSA
key IDs through a single esp_tls_cfg_t.client_key field.
Make it possible to disable http(s) server events. This improves
performance of the server, as http server creates events on every signle
read or write to the socket.
Added the option to define tls_handshake_timeout value
for the esp_tls_server_session_create API.
At the moment, the API gets stuck infinitely if
the handshake is blocked on recieving more data
and the peer connection has closed due to some issue.
Closes https://github.com/espressif/esp-idf/issues/14999
The HTTP server is not a critical component, it would be nice if we can
control the task caps by using configuration.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Harshit Malpani <harshit.malpani@espressif.com>
HTTPD_SSL_CONFIG_DEFAULT used to be a MACRO and hence used to return
a const pointer. With a recent change it started not returning a
const variable. This change reverts the function to its MACRO form.
Updated the https_server example to use static declration
Previously with HTTPD_SSL_CONFIG_DEFAULT being a MACRO, the
configuration options could not be applied to it. This was casuing
error in multiple scenarios. For e.g., here user_cert_cb is a part
of httpd_ssl_config_t which this macro defines. But the type of
user_cert_cb (esp_tls_server_callback_t) is only available when it is enabled
in esp-tls. The MACRO however cannot be modified to set the defaults
based on configuration option. This fix solves the issue without
breaking the compatibility
For simultaneous HTTP and HTTPS server use-case, default configurations
set same control socket port and hence one of the server initialization
fails with an error "error in creating control socket".
This commit modifies default initializers to use different control
socket port in HTTP vs HTTPS server case.
Closes https://github.com/espressif/esp-idf/issues/10160
Closes IDFGH-8719
- Can be used to get connection or client information (SSL context)
- E.g. Client certificate, Socket FD, Connection state, etc.
- Added example callback for getting client certificate information in 'https_server/simple' example
Closes https://github.com/espressif/esp-idf/issues/7479
The task that runs the HTTP server can now be pinned to a particular core by setting `core_id`
in the HTTP server configuration. By default, the core is set to `tskNO_AFFINITY`, meaning
it can run on any core.
Merges https://github.com/espressif/esp-idf/pull/3190
transport_mode accepts enum httpd_ssl_transport_t instead of true/false.
This will allow for extension to dual mode (server running on both secure and insecure ports) in the future.