Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285) #520

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

johanstokking
Copy link
Contributor

@johanstokking johanstokking commented Mar 6, 2024

Fantastic project guys. Here's something I use that you might want to take into consideration: supporting the DS peripheral for mutual TLS.

Example usage with https://github.com/espressif/esp_secure_cert_mgr/:

    char *client_cert = NULL;
    uint32_t client_cert_len = 0;
    esp_err_t ret = esp_secure_cert_get_device_cert(&client_cert, &client_cert_len);
    assert(esp_ret == ESP_OK);

    esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
    assert(ds_data != NULL);

    esp_websocket_client_config_t config = {
        .uri = "wss://echo.websocket.org",
        .client_cert = client_cert, /* in this example it's PEM so client_cert_len is not set */
        .client_ds_data = ds_data,
        .crt_bundle_attach = esp_crt_bundle_attach,
    };

I considered adding this to the example project, but I feel like it gets bloated quickly with dependencies and ifdefs.

@CLAassistant
Copy link

CLAassistant commented Mar 6, 2024

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot changed the title feat(websocket): Support DS peripheral for mutual TLS feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285) Mar 6, 2024
@@ -519,6 +522,10 @@ static esp_err_t esp_websocket_client_create_transport(esp_websocket_client_hand
} else {
esp_transport_ssl_set_client_key_data_der(ssl, client->config->client_key, client->config->client_key_len);
}
#if CONFIG_ESP_TLS_USE_DS_PERIPHERAL
} else if (client->config->client_ds_data) {
esp_transport_ssl_set_ds_data(ssl, client->config->client_ds_data);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The signature here is:

void esp_transport_ssl_set_ds_data(esp_transport_handle_t t, void *ds_data)

Hence I'm using void * and not esp_ds_data_ctx_t * to avoid a dependency on Mbed TLS.

@johanstokking
Copy link
Contributor Author

@gabsuren Can you shed some light on this? Thanks!

@gabsuren
Copy link
Contributor

@gabsuren Can you shed some light on this? Thanks!

Sorry for the late response, it's on the line with #621

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants