From 8a1dcc076577a101a3cda266ea4b61d113a6b687 Mon Sep 17 00:00:00 2001
From: Jitin George
Date: Mon, 12 Feb 2018 23:38:51 +0530
Subject: [PATCH] CA Certificate verification

---
 components/esp-tls/esp-tls.c | 21 +++++++++++++++++++++
 components/esp-tls/esp-tls.h | 2 ++
 2 files changed, 23 insertions(+)

diff --git a/components/esp-tls/esp-tls.c b/components/esp-tls/esp-tls.c
index d7599ed53b..e327921759 100644
--- a/components/esp-tls/esp-tls.c
+++ b/components/esp-tls/esp-tls.c
@@ -117,6 +117,27 @@ static int create_ssl_handle(struct esp_tls *tls, const char *hostname, size_t h
     SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
     SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
+
+    if (cfg->cacert_pem_buf != NULL) {
+        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+
+        BIO *bio;
+        bio = BIO_new(BIO_s_mem());
+        BIO_write(bio, cfg->cacert_pem_buf, cfg->cacert_pem_bytes);
+
+        X509 *ca = PEM_read_bio_X509(bio, NULL, 0, NULL);
+
+        if (!ca) {
+            ESP_LOGE(TAG, "CA Error\n");
+        }
+        ESP_LOGD(TAG, "CA OK\n");
+
+        X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx), ca);
+
+        X509_free(ca);
+        BIO_free(bio);
+    }
+
     if (cfg->alpn_protos) {
         SSL_CTX_set_alpn_protos(ssl_ctx, cfg->alpn_protos, strlen((char *)cfg->alpn_protos));
     }
diff --git a/components/esp-tls/esp-tls.h b/components/esp-tls/esp-tls.h
index f921a5e6f6..0327acc700 100644
--- a/components/esp-tls/esp-tls.h
+++ b/components/esp-tls/esp-tls.h
@@ -19,6 +19,8 @@ struct esp_tls_cfg {
      * - the subsequent 'h2' is the protocol name
      */
     const unsigned char *alpn_protos;
+    const unsigned char *cacert_pem_buf;
+    const unsigned int cacert_pem_bytes;
 };
 
 struct esp_tls {
-- 
2.40.0
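Review bot: A NULL `ca` from PEM_read_bio_X509 is only logged, never handled: the code goes on to log "CA OK" unconditionally and passes the NULL into X509_STORE_add_cert and X509_free, so a malformed or truncated CA buffer is reported as success and the handshake proceeds under SSL_VERIFY_PEER with nothing in the trust store, which will fail the connection at best and hides a configuration error at worst. BIO_new and X509_STORE_add_cert return values are likewise unchecked, and PEM_read_bio_X509 reads only the first certificate, so a PEM bundle holding several CAs silently loses all but the first; that deserves at least a comment on `cacert_pem_buf` until a read loop is added. The error branch should free the BIO and leave through the function's existing failure path (create_ssl_handle's body continues outside the hunk, so the rewrite below assumes a plain `return -1`; adjust to the function's cleanup convention). The trailing `\n` in the log strings is redundant, since the ESP_LOGx macros terminate the line themselves.
```c
    if (cfg->cacert_pem_buf != NULL) {
        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);

        BIO *bio = BIO_new(BIO_s_mem());
        if (bio == NULL) {
            ESP_LOGE(TAG, "BIO_new failed");
            return -1; /* follow create_ssl_handle's existing failure path */
        }
        BIO_write(bio, cfg->cacert_pem_buf, cfg->cacert_pem_bytes);

        /* Only the first PEM certificate in the buffer is loaded. */
        X509 *ca = PEM_read_bio_X509(bio, NULL, 0, NULL);
        if (ca == NULL) {
            ESP_LOGE(TAG, "CA Error");
            BIO_free(bio);
            return -1;
        }

        int added = X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx), ca);
        X509_free(ca);
        BIO_free(bio);
        if (added != 1) {
            ESP_LOGE(TAG, "X509_STORE_add_cert failed");
            return -1;
        }
        ESP_LOGD(TAG, "CA OK");
    }
    /* … unchanged: ALPN setup … */
```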
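Review bot: `const unsigned int cacert_pem_bytes` makes every `struct esp_tls_cfg` a non-modifiable lvalue (C11 6.3.2.1: a structure with a const-qualified member cannot be assigned), so callers can only set the length in an initializer and cannot build or copy a config at runtime; drop the qualifier: `unsigned int cacert_pem_bytes;`. The two new members also lack the block comment the neighbouring `alpn_protos` carries; suggest documenting that `cacert_pem_buf` points to PEM text of `cacert_pem_bytes` bytes (no NUL terminator required, since it is read through a memory BIO), that the current implementation loads only the first certificate in the buffer, and that when it is left NULL the verify mode is not touched by this change — whether that means peer verification is off depends on code outside the hunk and should be stated explicitly once confirmed.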