esp-tls: enable TLS renegotiation using explicit API call

mahavirj · espressif-bot · commit 52469c85056a · 2020-07-03T05:52:22.000Z
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.

This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
@@ -410,6 +410,9 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
         return ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED;
     }
 
+#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
+    mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+#endif
 
     if (cfg->alpn_protos) {
 #ifdef CONFIG_MBEDTLS_SSL_ALPN

Original file line number	Diff line number	Diff line change
`@@ -410,6 +410,9 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t`
`410`	`410`	`return ESP_ERR_MBEDTLS_SSL_CONFIG_DEFAULTS_FAILED;`
`411`	`411`	`}`
`412`	`412`
	`413`	`+#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION`
	`414`	`+ mbedtls_ssl_conf_renegotiation(&tls->conf, MBEDTLS_SSL_RENEGOTIATION_ENABLED);`
	`415`	`+#endif`
`413`	`416`
`414`	`417`	`if (cfg->alpn_protos) {`
`415`	`418`	`#ifdef CONFIG_MBEDTLS_SSL_ALPN`