ESP8266 and ESP32 build image updates

ESP32: 2.0-r6 ESP8266: 2.0.0-1.5.0-r5 This brings updated mbedTLS with support for on-disk CA chains: https://github.com/cesanta/mbedtls/compare/esp32_2.0-r5...esp32_2.0-r6 ESP8266 gets bigger rollup (ESP32 got those changes earlier, seems ok): https://github.com/cesanta/mbedtls/compare/esp8266...esp8266_2.0.0-1.5.0-r5 Saves ~1.5K RAM for now, but will allow adding more roots to ca.pem without wasting RAM. Refactored docker build for ESP8266 in the same way as was done earlier for ESP32. PUBLISHED_FROM=db8eb0f91875d02266a8baaf1141c0d65eb59674
2025-01-16 20:41:20 +08:00 · 2017-05-25 18:05:18 +01:00 · 2017-05-25 18:05:18 +01:00 · cf0a969a65
commit cf0a969a65
parent 06670d3401
1 changed files with 13 additions and 0 deletions
--- a/mongoose.c
+++ b/mongoose.c
@ -4602,6 +4602,12 @@ static void mg_ssl_if_mbed_free_certs_and_keys(struct mg_ssl_if_ctx *ctx) {
  }
  if (ctx->ca_cert != NULL) {
    mbedtls_ssl_conf_ca_chain(ctx->conf, NULL, NULL);
+#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
+    if (ctx->ca_cert->ca_chain_file != NULL) {
+      MG_FREE((void *) ctx->ca_cert->ca_chain_file);
+      ctx->ca_cert->ca_chain_file = NULL;
+    }
+#endif
    mbedtls_x509_crt_free(ctx->ca_cert);
    MG_FREE(ctx->ca_cert);
    ctx->ca_cert = NULL;
@ -4687,9 +4693,16 @@ static enum mg_ssl_if_result mg_use_ca_cert(struct mg_ssl_if_ctx *ctx,
  }
  ctx->ca_cert = (mbedtls_x509_crt *) MG_CALLOC(1, sizeof(*ctx->ca_cert));
  mbedtls_x509_crt_init(ctx->ca_cert);
+#ifdef MBEDTLS_X509_CA_CHAIN_ON_DISK
+  ca_cert = strdup(ca_cert);
+  if (mbedtls_x509_crt_set_ca_chain_file(ctx->ca_cert, ca_cert) != 0) {
+    return MG_SSL_ERROR;
+  }
+#else
  if (mbedtls_x509_crt_parse_file(ctx->ca_cert, ca_cert) != 0) {
    return MG_SSL_ERROR;
  }
+#endif
  mbedtls_ssl_conf_ca_chain(ctx->conf, ctx->ca_cert, NULL);
  mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
  return MG_SSL_OK;