Certificates with embedded private key
Posted: Mon Sep 09, 2019 9:53 am
Does ESP-IDF handle client certificates with an embedded private key? Client certificates are used for both SSL and WPA-Enterprise.
In other words, can we call esp_transport_ssl_set_client_cert_data() or esp_wifi_sta_wpa2_ent_set_cert_key() with a PEM containing both the certificate and the private key without calling esp_transport_ssl_set_client_cert_data() or passing the private_key parameter? For example, wpa2_client.pem (https://github.com/espressif/esp-idf/bl ... client.pem) contains both (in that PEM, the private key is encrypted so passing private_key_passwd is required).
For the former, these are declared as follows in components/tcp_transport/include/esp_transport_ssl.h:
/**
 * @brief Set SSL client certificate data for mutual authentication (as PEM format).
 * Note that, this function stores the pointer to data, rather than making a copy.
 * So this data must remain valid until after the connection is cleaned up
 *
 * @param t ssl transport
 * @param[in] data The pem data
 * @param[in] len The length
 */
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len);

/**
 * @brief Set SSL client key data for mutual authentication (as PEM format).
 * Note that, this function stores the pointer to data, rather than making a copy.
 * So this data must remain valid until after the connection is cleaned up
 *
 * @param t ssl transport
 * @param[in] data The pem data
 * @param[in] len The length
 */
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
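Whatever the answer for ESP-IDF turns out to be, a combined PEM can be split into its certificate and private-key blocks so that each can be handed to its own setter. The sketch below is an added example, not part of the original post and not ESP-IDF code; `pem_block_t`, `pem_find_block`, `pem_split_bundle` and the sample bundle are hypothetical names and constructed data.

```c
#include <string.h>

/* Slice of a PEM bundle: points into the caller's buffer, not NUL-terminated. */
typedef struct { const char *start; size_t len; } pem_block_t;

/* Constructed sample: placeholder base64, not real key material. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nTk9UIEEgUkVBTCBDRVJU\n"
    "-----END CERTIFICATE-----\n";

/* Find the first block whose label ends with `suffix`, so "PRIVATE KEY"
 * also matches "RSA PRIVATE KEY", "EC PRIVATE KEY" and
 * "ENCRYPTED PRIVATE KEY". Returns 1 and fills *out, or 0 when the block
 * is missing, truncated, or its END label does not match its BEGIN label. */
static int pem_find_block(const char *bundle, const char *suffix, pem_block_t *out)
{
    const char *p = bundle;
    size_t slen = strlen(suffix);
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;                     /* skip "-----BEGIN " */
        const char *label_end = strstr(label, "-----");
        if (label_end == NULL) return 0;                /* truncated header */
        size_t llen = (size_t)(label_end - label);
        if (llen >= slen && memcmp(label_end - slen, suffix, slen) == 0) {
            const char *end = strstr(label_end, "-----END ");
            if (end == NULL || strncmp(end + 9, label, llen) != 0 ||
                strncmp(end + 9 + llen, "-----", 5) != 0) return 0;
            out->start = p;
            out->len = (size_t)(end + 9 + llen + 5 - p); /* through END dashes */
            return 1;
        }
        p = label_end + 5;                              /* try the next block */
    }
    return 0;
}

/* Returns 1 only when the bundle holds both a certificate and a private key. */
static int pem_split_bundle(const char *bundle, pem_block_t *cert, pem_block_t *key)
{
    return pem_find_block(bundle, "CERTIFICATE", cert) &&
           pem_find_block(bundle, "PRIVATE KEY", key);
}

int main(void)
{
    pem_block_t c, k;
    return pem_split_bundle(SAMPLE_BUNDLE, &c, &k) ? 0 : 1;
}
```

The returned slices alias the original buffer, so the lifetime requirement stated in the header comments above applies to the whole bundle.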