diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index 243d97be4..8cb8d9886 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -266,7 +266,7 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
 }
 ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes,
- NULL, 0);
+ pki->privkey_password, pki->privkey_password_len);
 if (ret < 0) {
 ESP_LOGE(TAG, "mbedtls_pk_parse_keyfile returned -0x%x", -ret);
 ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_MBEDTLS, -ret);
diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h
index 7398dbc4f..9ce0b19c3 100644
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@@ -92,6 +92,16 @@ void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const
 */
 void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
 
+/**
+ * @brief Set SSL client key password if the key is password protected. The configured
+ * password is passed to the underlying TLS stack to decrypt the client key
+ *
+ * @param t ssl transport
+ * @param[in] password Pointer to the password
+ * @param[in] password_len Password length
+ */
+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len);
+
 /**
 * @brief Set SSL client key data for mutual authentication (as DER format).
 * Note that, this function stores the pointer to data, rather than making a copy.
diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c
index acc963666..0cef93381 100644
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
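Review bot: The error log just below the changed call still names `mbedtls_pk_parse_keyfile`, although the call is `mbedtls_pk_parse_key` and, now that a password is forwarded, this branch is also where a wrong or missing key password will surface; `ESP_LOGE(TAG, "mbedtls_pk_parse_key returned -0x%x", -ret);` lets an operator pair the printed code with the right mbedtls function. A short comment above the call would pin the contract, e.g. `/* privkey_password/len go straight to mbedtls; NULL/0 means an unencrypted key is expected. */`, and I would add that decrypting a PEM key also needs the PBE cipher/hash enabled in the mbedtls config, which is my reading of mbedtls and worth confirming against the IDF defaults. Nothing in the hunk shows where `pki->privkey_password` and `pki->privkey_password_len` are populated; if the `esp_tls_pki_t` instance is not zero-initialised at its construction site, callers that never set a password would have these new fields read uninitialised. set_pki_context's body starts and ends outside the hunk.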
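Review bot: The new doc comment for `esp_transport_ssl_set_client_key_password` does not say that only the pointer is stored, which the neighbouring DER setter's comment spells out and which the transport_ssl.c part of this commit confirms by assigning `password` straight into `cfg.clientkey_password`; a caller that passes a stack or temporary buffer would hand the TLS stack a dangling pointer when the key is later parsed (presumably at connect time). Suggest adding after the @brief: ` * Note that, this function stores the pointer to the password rather than making a copy, so the buffer must stay valid until the key has been parsed.` and sharpening the last parameter line to `@param[in] password_len Password length in bytes (pass NULL and 0 for an unencrypted key)`. Whether a terminating NUL is counted is not visible here, so state whichever the underlying `mbedtls_pk_parse_key` call expects.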
@@ -245,6 +245,15 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
 }
 }
 
+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len)
+{
+ transport_ssl_t *ssl = esp_transport_get_context_data(t);
+ if (t && ssl) {
+ ssl->cfg.clientkey_password = (void *)password;
+ ssl->cfg.clientkey_password_len = password_len;
+ }
+}
+
 void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len)
 {
 transport_ssl_t *ssl = esp_transport_get_context_data(t);
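Review bot: `esp_transport_ssl_set_client_key_password` stores `password_len` without any range check, and `int` admits negative values; if `cfg.clientkey_password_len` is an unsigned or `size_t` field (its type is not visible here), a negative length turns into a huge byte count handed to mbedtls's key decryption, which would read far past the password buffer. A guard of the same cost as the rest of the function, `if (t && ssl && password_len >= 0) {`, or normalising `password_len = password ? password_len : 0;` before the assignment, closes that and also keeps a NULL pointer from being paired with a non-zero length. The `(void *)password` cast silently discards `const`; if `cfg.clientkey_password` can be declared `const void *` the cast can go, otherwise a one-line comment that the buffer is only ever read is worth adding. As in the sibling setters, `esp_transport_get_context_data(t)` is called before `t` is checked for NULL, which is only safe if that accessor tolerates a NULL handle.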