1 // Copyright 2017-2019 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 
16 #ifndef _ESP_CRT_BUNDLE_H_
17 #define _ESP_CRT_BUNDLE_H_
18 
19 #include "mbedtls/ssl.h"
20 
21 #ifdef __cplusplus
22 extern "C" {
23 #endif
24 
25 
/**
 * @brief      Attach and enable use of a bundle for certificate verification
 *
 * Attaches a certificate bundle to the given SSL configuration and enables its use for
 * certificate verification through a verification callback.
 * If no specific bundle has been set through esp_crt_bundle_set(), the bundle defined in
 * menuconfig and embedded in the binary is used.
 *
 * @note       conf is declared as void *, so the compiler does not check its type at the call
 *             site. Presumably it must point to an mbedtls_ssl_config, the type that
 *             esp_crt_bundle_detach() takes -- TODO confirm against the implementation.
 * @note       NOTE(review): this header does not say whether a verification callback already
 *             installed on conf is replaced, nor whether the authentication mode of conf is
 *             changed. Confirm both before relying on the bundle as the only server
 *             authentication check.
 *
 * @param[in]  conf      The config struct for the SSL connection.
 *
 * @return
 *             - ESP_OK  if adding certificates was successful.
 *             - Other   if an error occurred or an action must be taken by the calling process.
 *                       Check the result before starting a handshake; presumably any other
 *                       value means bundle verification is not in place -- confirm.
 */
// NOTE(review): "mbedtls/ssl.h" is the only include visible in this header; esp_err_t
// presumably comes from a header the includer must pull in first -- confirm.
esp_err_t esp_crt_bundle_attach(void *conf);
40 
41 
/**
 * @brief      Disable and deallocate the certificate bundle
 *
 * Removes the certificate verification callback and deallocates used resources.
 *
 * @note       After this call the verification callback is no longer attached to conf, so
 *             certificates are no longer checked against the bundle through it. Call
 *             esp_crt_bundle_attach() again (or configure another trust source) before
 *             reusing conf for a new connection.
 * @note       NOTE(review): the header does not state whether the deallocated resources are
 *             shared with other configurations that attached the same bundle -- confirm
 *             before detaching while other connections are still active.
 *
 * @param[in]  conf      The config struct for the SSL connection.
 */
void esp_crt_bundle_detach(mbedtls_ssl_config *conf);
50 
51 
/**
 * @brief      Set the default certificate bundle used for verification
 *
 * Overrides the default certificate bundle. In most use cases the bundle should be
 * set through menuconfig. The bundle needs to be sorted by subject name since binary search is
 * used to find certificates.
 *
 * @note       The bundle is the set of certificates that verification is performed against,
 *             so it must come from a trusted, integrity-protected source: whoever controls
 *             its contents controls which peers are accepted.
 * @note       No length is passed alongside the pointer. Presumably the bundle format
 *             carries its own size information and it is read without an external bound --
 *             TODO confirm, and pass only well-formed bundles.
 * @note       NOTE(review): the header does not say whether the data is copied or only
 *             referenced. Assume the buffer must remain valid and unmodified while the
 *             bundle is in use -- confirm against the implementation.
 *
 * @param[in]  x509_bundle     A pointer to the certificate bundle.
 */
void esp_crt_bundle_set(const uint8_t *x509_bundle);
62 
63 
64 #ifdef __cplusplus
65 }
66 #endif
67 
68 #endif //_ESP_CRT_BUNDLE_H_
69