Fix TLS for v5.4.1 update

Cert bundle code in lib/mbedtls_config was being used, and assumed the older ESP-IDF internal
bundle format, which was changed in ESP-IDF v5.4. Added a wrapper around the ESP-IDF
bundle routines, and stopped using the shared bundle code.

Also fixed extraneous blank lines in mbedtls logging and removed an extraneous, unused, damaged .h.

Author: dhalbert

lib/mbedtls_config/mbedtls_config_port.h

@@ -175,12 +175,12 @@ ifeq ($(DEBUG), 1)
 		OPTIMIZATION_FLAGS ?= -Og
 		CFLAGS += -DDEBUG
 	endif
-	# You may want to enable these flags to make setting breakpoints easier.
-	# CFLAGS += -fno-inline -fno-ipa-sra
+#	You may want to enable these flags to make setting breakpoints easier.
+#	CFLAGS += -fno-inline -fno-ipa-sra
 else
 	CFLAGS += -DNDEBUG
-	# RISC-V is larger than xtensa
-	# Use -Os for RISC-V when it overflows
+#	RISC-V is larger than xtensa
+#	Use -Os for RISC-V when it overflows
 	ifeq ($(IDF_TARGET_ARCH),riscv)
 		OPTIMIZATION_FLAGS ?= -Os
 	else
@@ -384,7 +384,7 @@ SRC_C += \
 	peripherals/$(IDF_TARGET)/pins.c
 
 ifeq ($(CIRCUITPY_SSL),1)
-SRC_C += lib/mbedtls_config/crt_bundle.c
+SRC_C += common-hal/ssl/crt_bundle.c
 endif
 
 SRC_C += $(wildcard common-hal/espidf/*.c)
@@ -608,8 +608,8 @@ ifneq ($(CIRCUITPY_BLEIO_NATIVE),0)
 
 	ESP_IDF_COMPONENTS_LINK += bt esp_phy esp_security
 	ifeq ($(BLE_IMPL),esp32)
-		# BLE will hang the ESP32 and trigger an interrupt watchdog without this undefined symbol at
-		# link because a weak version of the interrupt that BLE uses will be linked incorrectly.
+#		BLE will hang the ESP32 and trigger an interrupt watchdog without this undefined symbol at
+#		link because a weak version of the interrupt that BLE uses will be linked incorrectly.
 		REGISTRATION_FUNCTIONS += -u ld_include_hli_vectors_bt
 		BINARY_BLOBS += esp-idf/components/bt/controller/lib_esp32/$(IDF_TARGET)/libbtdm_app.a
 	endif

ports/espressif/Makefile

@@ -0,0 +1,37 @@
+// This file is part of the CircuitPython project: https://circuitpython.org
+//
+// SPDX-FileCopyrightText: Copyright (c) 2025 Dan Halbert for Adafruit Industries
+//
+// SPDX-License-Identifier: MIT
+
+// In ESP-IDF v5.4, Espressif changed the format of the in-flash cert bundle, which
+// made lib/mbedtls_config/crt_bundle.c no longer work. Rather than update that,
+// just wrap those functions and use the ESP-IDF versions.
+
+#include "py/mperrno.h"
+#include "mbedtls/x509_crt.h"
+#include "lib/mbedtls_config/crt_bundle.h"
+#include "esp_crt_bundle.h"
+
+static int convert_esp_err(esp_err_t ret) {
+    switch (ret) {
+        case ESP_OK:
+            return 0;
+        default:
+            // Right now esp_crt_bundle.c doesn't return very specific errors.
+        case ESP_ERR_INVALID_ARG:
+            return -MP_EINVAL;
+    }
+}
+
+int crt_bundle_attach(mbedtls_ssl_config *ssl_conf) {
+    return convert_esp_err(esp_crt_bundle_attach(ssl_conf));
+}
+
+void crt_bundle_detach(mbedtls_ssl_config *conf) {
+    esp_crt_bundle_detach(conf);
+}
+
+int crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size) {
+    return convert_esp_err(esp_crt_bundle_set(x509_bundle, bundle_size));
+}

ports/espressif/common-hal/ssl/crt_bundle.c

@@ -37,7 +37,7 @@
 static void mbedtls_debug(void *ctx, int level, const char *file, int line, const char *str) {
     (void)ctx;
     (void)level;
-    mp_printf(&mp_plat_print, "DBG:%s:%04d: %s\n", file, line, str);
+    mp_printf(&mp_plat_print, "DBG:%s:%04d: %s", file, line, str);
 }
 #define DEBUG_PRINT(fmt, ...) mp_printf(&mp_plat_print, "DBG:%s:%04d: " fmt "\n", __FILE__, __LINE__,##__VA_ARGS__)
 #else