tcp_transport: Add API to allow skipping of certificate CN validation

diff --git a/components/tcp_transport/include/esp_transport_ssl.h b/components/tcp_transport/include/esp_transport_ssl.h
index c42fd09353e257ddaa02694e39ae5a5fbaa82c71..0f83c1d6e49923089b74f43a7a0c1d8c267443dd 100644 (file)
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@@ -69,6 +69,15 @@ void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char
  */
 void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
 
+/**
+ * @brief      Skip validation of certificate's common name field
+ *
+ * @note       Skipping CN validation is not recommended
+ *
+ * @param      t     ssl transport
+ */
+void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c
index 257a58cba65c957da765218008a979bcd9592d4d..49f71bb2d2b3c8e1ce0fdd3884887574f601b4d0 100644 (file)
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
@@ -192,6 +192,14 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
     }
 }
 
+void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t)
+{
+    transport_ssl_t *ssl = esp_transport_get_context_data(t);
+    if (t && ssl) {
+        ssl->cfg.skip_common_name = true;
+    }
+}
+
 esp_transport_handle_t esp_transport_ssl_init()
 {
     esp_transport_handle_t t = esp_transport_init();