From 7b50ed70a34ea93c9b86b62afdc6595ffbfa484a Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Fri, 20 Apr 2018 19:45:50 +0530
Subject: [PATCH] aws_iot: add support for MQTT TLS over port 443
Signed-off-by: Mahavir Jain
---
 components/aws_iot/port/network_mbedtls_wrapper.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/components/aws_iot/port/network_mbedtls_wrapper.c b/components/aws_iot/port/network_mbedtls_wrapper.c
index 07e2ed413..6da6d5dad 100644
--- a/components/aws_iot/port/network_mbedtls_wrapper.c
+++ b/components/aws_iot/port/network_mbedtls_wrapper.c
@@ -236,6 +236,15 @@ IoT_Error_t iot_tls_connect(Network *pNetwork, TLSConnectParams *params) {
 mbedtls_ssl_conf_read_timeout(&(tlsDataParams->conf), pNetwork->tlsConnectParams.timeout_ms);
+ /* Use the AWS IoT ALPN extension for MQTT, if port 443 is requested */
+ if (pNetwork->tlsConnectParams.DestinationPort == 443) {
+ const char *alpnProtocols[] = { "x-amzn-mqtt-ca", NULL };
+ if ((ret = mbedtls_ssl_conf_alpn_protocols(&(tlsDataParams->conf), alpnProtocols)) != 0) {
+ ESP_LOGE(TAG, "failed! mbedtls_ssl_conf_alpn_protocols returned -0x%x", -ret);
+ return SSL_CONNECTION_ERROR;
+ }
+ }
+
 if((ret = mbedtls_ssl_setup(&(tlsDataParams->ssl), &(tlsDataParams->conf))) != 0) {
 ESP_LOGE(TAG, "failed! mbedtls_ssl_setup returned -0x%x", -ret);
 return SSL_CONNECTION_ERROR;
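Review bot: `alpnProtocols` is declared as an automatic array inside the `if (... == 443)` block, but `mbedtls_ssl_conf_alpn_protocols()` records the pointer in the configuration and does not copy the list. mbedtls documents that the table must live at least as long as the SSL configuration structure, so `tlsDataParams->conf` is left pointing at dead stack memory once the block closes. The handshake that reads the list presumably runs later in `iot_tls_connect`, whose body continues outside this hunk, and any later use of the same `conf` would read it as well. Giving the array static storage fixes the lifetime: `static const char *alpnProtocols[] = { "x-amzn-mqtt-ca", NULL };`.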