Hi There,
I am using encryption in several IDF components:
1. Http Client -- requests to https, for which I supply a certificate
2. OTA -- the firmware downloads from a https url, for which I supply a certificate
3. MQTT -- wss://, for which I DO NOT provide a certificate.
Question 1:
I know 1 and 2 perform CN checking by default, however I am not sure about CN checking for wss://. Is CN checking performed for 3?
Question 2:
DO ANY of the above methods check expiration time? I have read in several places that by default no expiration checking is done. I'm not setting the time on the device so I don't even know how it would be possible. If possible, I'd like to disable all expiration checking.
Thanks!
Do Any SSL/WSS Components Perform Expiration Validation?
-
- Posts: 19
- Joined: Mon Mar 15, 2021 12:54 pm
-
- Posts: 74
- Joined: Wed Oct 23, 2019 1:49 am
Re: Do Any SSL/WSS Components Perform Expiration Validation?
1. CN checking should be performed by default unless you've disabled it (see skip_cert_common_name_check in the MQTT config struct)
2. Expiration checking is controlled by the MBEDTLS_HAVE_TIME_DATE setting in menuconfig. Which should be disabled by default.
2. Expiration checking is controlled by the MBEDTLS_HAVE_TIME_DATE setting in menuconfig. Which should be disabled by default.
-
- Posts: 19
- Joined: Mon Mar 15, 2021 12:54 pm
Re: Do Any SSL/WSS Components Perform Expiration Validation?
Thanks for the quick and helpful answer ESP-Marius!
Who is online
Users browsing this forum: Google [Bot] and 118 guests