git.openpandora.org / pandora-u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2df965d) | patch
lwip: tls: enforce checking of server certificates based on CA availability
authorJerome Forissier <jerome.forissier@linaro.org>
Wed, 5 Mar 2025 14:26:43 +0000 (15:26 +0100)
committerJerome Forissier <jerome.forissier@linaro.org>
Tue, 11 Mar 2025 13:16:03 +0000 (14:16 +0100)
commitf69f7aef26f797e18d3f2f205f0d3c9c5ad8df99
treeb2bccc2502144a8c94c606332d71dbffce48c6d1tree | snapshot
parent2df965d385872b2ae49a79c2cab4679a8999467fcommit | diff
lwip: tls: enforce checking of server certificates based on CA availability

Instead of relying on some build time configuration to determine if
server certificates need to be checked against CA certificates, do it
based on the availability of such certificates. If no CA is configured
then no check can succeed; on the other hand if we have CA certs then
we should not ignore them. It is always possible to remove the CA certs
(via 'wget cacert 0 0') to force an HTTPS download that would fail
certificate validation.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c diff | blob | history
lib/lwip/lwip/src/include/lwip/apps/altcp_tls_mbedtls_opts.h diff | blob | history
Pandora U-Boot Repository