
feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285) #520

Open: wants to merge 1 commit into base: master

Conversation

@johanstokking (Contributor) commented Mar 6, 2024

Fantastic project guys. Here's something I use that you might want to take into consideration: supporting the DS peripheral for mutual TLS.

Example usage with https://github.com/espressif/esp_secure_cert_mgr/:

    #include <assert.h>
    #include "esp_crt_bundle.h"        /* esp_crt_bundle_attach */
    #include "esp_secure_cert_read.h"  /* esp_secure_cert_get_device_cert, esp_secure_cert_get_ds_ctx */
    #include "esp_websocket_client.h"

    /* Device certificate from the secure cert partition (PEM here, so the length is not passed on) */
    char *client_cert = NULL;
    uint32_t client_cert_len = 0;
    esp_err_t ret = esp_secure_cert_get_device_cert(&client_cert, &client_cert_len);
    assert(ret == ESP_OK);

    /* DS context: the private key itself never leaves the DS peripheral */
    esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
    assert(ds_data != NULL);

    esp_websocket_client_config_t config = {
        .uri = "wss://echo.websocket.org",
        .client_cert = client_cert, /* in this example it's PEM so client_cert_len is not set */
        .client_ds_data = ds_data,
        .crt_bundle_attach = esp_crt_bundle_attach,
    };

I considered adding this to the example project, but I feel like it gets bloated quickly with dependencies and ifdefs.

@CLAassistant commented Mar 6, 2024

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot changed the title feat(websocket): Support DS peripheral for mutual TLS feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285) Mar 6, 2024
@@ -519,6 +522,10 @@ static esp_err_t esp_websocket_client_create_transport(esp_websocket_client_hand
} else {
esp_transport_ssl_set_client_key_data_der(ssl, client->config->client_key, client->config->client_key_len);
}
#if CONFIG_ESP_TLS_USE_DS_PERIPHERAL
} else if (client->config->client_ds_data) {
esp_transport_ssl_set_ds_data(ssl, client->config->client_ds_data);
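Review bot: the `#if CONFIG_ESP_TLS_USE_DS_PERIPHERAL` guard around the new `} else if (client->config->client_ds_data) {` branch means a build without DS support silently ignores a configured `client_ds_data`, and the client then attempts the handshake with no client key at all; add an `#else` path that logs and returns an error (or reject it where the config is validated) so the failure is explicit rather than a surprise at the server. Also, because the new branch is an `else if` after the `client_key` check, `client_key` wins whenever both are set; that precedence belongs in the `client_ds_data` field documentation.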
@johanstokking (Contributor Author) commented on this hunk:

The signature here is:

void esp_transport_ssl_set_ds_data(esp_transport_handle_t t, void *ds_data)

Hence I'm using void * and not esp_ds_data_ctx_t * to avoid a dependency on Mbed TLS.
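As an added illustration, not code from this PR or from the esp-protocols project, here is a host-side C model of the credential-selection decision the new branch makes. The struct and enum are hypothetical stand-ins for the mutual-TLS fields of `esp_websocket_client_config_t`, `client_ds_data` is kept as an opaque `void *` as in the transport signature above, and a `ds_supported` flag stands in for `CONFIG_ESP_TLS_USE_DS_PERIPHERAL` so one build can exercise both paths. It deliberately differs from the patch in two places: it rejects a configuration that sets both `client_key` and `client_ds_data` instead of silently preferring the software key, and it fails closed when DS data is given but DS support is not compiled in.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the mutual-TLS fields of esp_websocket_client_config_t
 * (added example, not the project's struct). Length 0 means PEM (NUL-terminated);
 * a non-zero length means DER. */
typedef struct {
    const char *client_cert;
    size_t      client_cert_len;
    const char *client_key;
    size_t      client_key_len;
    void       *client_ds_data;   /* opaque, matching the void * the transport API takes */
} client_auth_cfg_t;

typedef enum {
    AUTH_NONE = 0,             /* no client credential: server-authenticated TLS only */
    AUTH_KEY_PEM,              /* software private key, PEM */
    AUTH_KEY_DER,              /* software private key, DER */
    AUTH_DS_PERIPHERAL,        /* private key stays inside the DS peripheral */
    AUTH_ERR_NO_CERT,          /* key or DS context given without a client certificate */
    AUTH_ERR_AMBIGUOUS,        /* both a software key and a DS context given */
    AUTH_ERR_DS_UNSUPPORTED    /* DS context given but DS support not compiled in */
} client_auth_t;

/* ds_supported stands in for CONFIG_ESP_TLS_USE_DS_PERIPHERAL. */
client_auth_t select_client_auth(const client_auth_cfg_t *cfg, int ds_supported)
{
    int has_key = cfg->client_key != NULL;
    int has_ds  = cfg->client_ds_data != NULL;

    if (!has_key && !has_ds) {
        return AUTH_NONE;
    }
    /* Mutual TLS needs the certificate that matches the key, wherever the key lives. */
    if (cfg->client_cert == NULL) {
        return AUTH_ERR_NO_CERT;
    }
    /* Refuse to guess which credential the caller meant. */
    if (has_key && has_ds) {
        return AUTH_ERR_AMBIGUOUS;
    }
    if (has_ds) {
        /* Fail closed: a silently ignored DS context would leave the client unauthenticated. */
        return ds_supported ? AUTH_DS_PERIPHERAL : AUTH_ERR_DS_UNSUPPORTED;
    }
    return cfg->client_key_len == 0 ? AUTH_KEY_PEM : AUTH_KEY_DER;
}

const char *client_auth_name(client_auth_t a)
{
    switch (a) {
    case AUTH_NONE:               return "none";
    case AUTH_KEY_PEM:            return "software key (PEM)";
    case AUTH_KEY_DER:            return "software key (DER)";
    case AUTH_DS_PERIPHERAL:      return "DS peripheral";
    case AUTH_ERR_NO_CERT:        return "error: client certificate missing";
    case AUTH_ERR_AMBIGUOUS:      return "error: both client_key and client_ds_data set";
    case AUTH_ERR_DS_UNSUPPORTED: return "error: client_ds_data set but DS support not compiled in";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample inputs; the strings stand in for real PEM/DER buffers
     * and any non-NULL pointer models a DS context. */
    int ds_marker = 1;
    client_auth_cfg_t pem_key    = { "CERT-PEM", 0, "KEY-PEM", 0, NULL };
    client_auth_cfg_t ds_only    = { "CERT-PEM", 0, NULL, 0, &ds_marker };
    client_auth_cfg_t ds_no_cert = { NULL, 0, NULL, 0, &ds_marker };

    printf("pem_key, DS on : %s\n", client_auth_name(select_client_auth(&pem_key, 1)));
    printf("ds_only, DS on : %s\n", client_auth_name(select_client_auth(&ds_only, 1)));
    printf("ds_only, DS off: %s\n", client_auth_name(select_client_auth(&ds_only, 0)));
    printf("ds_no_cert     : %s\n", client_auth_name(select_client_auth(&ds_no_cert, 1)));
    return 0;
}
```

The point of the `AUTH_ERR_DS_UNSUPPORTED` outcome is the one a caller of the real API should check for: with a preprocessor-guarded `else if`, a DS context on a build without DS support is not an error, it is an unauthenticated client.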

@johanstokking (Contributor Author)

@gabsuren Can you shed some light on this? Thanks!

@gabsuren (Contributor)

> @gabsuren Can you shed some light on this? Thanks!

Sorry for the late response, it's on the line with #621
