From f72d259622c5bdaa569903f71acddf25db74429f Mon Sep 17 00:00:00 2001
From: Marius Vikhammer
Date: Thu, 21 May 2020 14:48:17 +0800
Subject: [PATCH] esp_crt_bundle: fixes the "No CA Chain is set" error

When compiling esp_crt_bundle.c, it would end up with a different struct layout due to configuration options from "mbedtls/esp_config.h" not being considered. This lead to ca_chain potentially not being set correctly.
---
 components/mbedtls/CMakeLists.txt | 2 +-
 components/mbedtls/esp_crt_bundle/esp_crt_bundle.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
index 0eac1a12d..9ae075b3c 100644
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -120,6 +120,6 @@ endif()
 set_property(TARGET mbedcrypto APPEND PROPERTY LINK_INTERFACE_LIBRARIES mbedtls)
 # Link mbedtls libraries to component library
-target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
+target_link_libraries(${COMPONENT_LIB} PUBLIC ${mbedtls_targets})
diff --git a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
index c03da8d9a..27b166557 100644
--- a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
+++ b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c
@@ -196,9 +196,10 @@ esp_err_t esp_crt_bundle_attach(void *conf)
 * This is only required so that the
 * cacert_ptr passes non-NULL check during handshake
 */
+ mbedtls_ssl_config *ssl_conf = (mbedtls_ssl_config *)conf;
 mbedtls_x509_crt_init(&s_dummy_crt);
- ((mbedtls_ssl_config *)conf)->ca_chain = &s_dummy_crt;
- mbedtls_ssl_conf_verify((mbedtls_ssl_config *)conf, esp_crt_verify_callback, NULL);
+ mbedtls_ssl_conf_ca_chain(ssl_conf, &s_dummy_crt, NULL);
+ mbedtls_ssl_conf_verify(ssl_conf, esp_crt_verify_callback, NULL);
 }
 return ret;
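Review bot: The switch from `INTERFACE` to `PUBLIC` on `target_link_libraries` carries the root-cause fix, but nothing at the call site says why. A later cleanup could revert it and bring back the mismatched `mbedtls_ssl_config` layout the commit message describes. I would extend the comment above it to something like `# PUBLIC, not INTERFACE: this component's own sources (e.g. esp_crt_bundle.c) must be built with the mbedtls targets' usage requirements so they see the options from mbedtls/esp_config.h`. That the configuration reaches the sources through the linked targets is inferred from the commit message and is not visible in this hunk.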
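Review bot: The comment above the new `mbedtls_ssl_conf_ca_chain` call still says only that the dummy certificate exists to pass the non-NULL check. It does not say where the trust decision is actually made. As far as the hunk shows, `s_dummy_crt` is only initialised and holds no trust anchor, so peer validation presumably rests entirely on `esp_crt_verify_callback`. I would add `/* s_dummy_crt carries no CA; esp_crt_verify_callback does the real chain check. A later mbedtls_ssl_conf_verify() or mbedtls_ssl_conf_ca_chain() call on this config replaces what is set here. */`. The function begins above the hunk, so any other direct access to `mbedtls_ssl_config` fields in this file is not visible here and should be checked for the same layout dependency.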