From 6f034e9194e7878c25bf8806f129228d196ea8fb Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Mon, 13 Jul 2020 15:56:00 +0530
Subject: [PATCH] esp-tls: enable TLS renegotiation using explicit API call

mbedTLS stack does not keep TLS renegotiation enabled even if relevant config option is turned on, it needs explicit API call `mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to be refreshed periodically to keep TLS connection intact.
---
 components/esp-tls/esp_tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
index 4bd616e76..d4869fc3e 100644
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@@ -338,6 +338,10 @@ static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
         return ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED;
     }
 
+#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
+    mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+#endif
+
 #ifdef CONFIG_MBEDTLS_SSL_ALPN
     if (cfg->alpn_protos) {
         mbedtls_ssl_conf_alpn_protocols(&tls->conf, cfg->alpn_protos);
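Review bot: The `mbedtls_ssl_conf_renegotiation(..., MBEDTLS_SSL_RENEGOTIATION_ENABLED)` call lands in set_server_config, so every TLS server esp-tls builds gets renegotiation turned on whenever the Kconfig option is set, with no per-server opt-out in esp_tls_cfg_server_t, and on the server side that also means accepting client-initiated renegotiation, which forces the server to repeat the expensive half of the handshake on demand and is a well-known CPU-exhaustion lever; mbedTLS's own documentation recommends leaving renegotiation disabled unless it is actually required. The commit message motivates the change with a client-side scenario (the device talking to Azure IoT is the TLS client), yet the diffstat shows only this one hunk in the server path, so either the client config path still lacks the call or the server path is being enabled for a need it does not have — worth confirming which was intended. Gating the call on an explicit field in esp_tls_cfg_server_t rather than on the build option alone would keep the default server configuration conservative. A comment on the new block would also help the next reader: `/* mbedTLS leaves renegotiation off even when compiled in; enabling it server-side also allows client-initiated renegotiation (handshake-cost DoS exposure). Secure renegotiation (RFC 5746) stays the mbedTLS default. */` set_server_config begins before and continues past this hunk.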