Certificates with embedded private key

DurandA
Posts: 17
Joined: Thu Nov 26, 2015 11:51 pm

Certificates with embedded private key

Postby DurandA » Mon Sep 09, 2019 9:53 am

Does ESP-IDF handle client certificates with an embedded private key? Client certificates are used for both SSL and WPA-Enterprise.

For the former, these are declared as follows in components/tcp_transport/include/esp_transport_ssl.h:


/**
 * @brief      Set SSL client certificate data for mutual authentication (as PEM format).
 *             Note that, this function stores the pointer to data, rather than making a copy.
 *             So this data must remain valid until after the connection is cleaned up
 *
 * @param      t     ssl transport
 * @param[in]  data  The pem data
 * @param[in]  len   The length
 */
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len);

/**
 * @brief      Set SSL client key data for mutual authentication (as PEM format).
 *             Note that, this function stores the pointer to data, rather than making a copy.
 *             So this data must remain valid until after the connection is cleaned up
 *
 * @param      t     ssl transport
 * @param[in]  data  The pem data
 * @param[in]  len   The length
 */
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
In other words, can we call esp_transport_ssl_set_client_cert_data() or esp_wifi_sta_wpa2_ent_set_cert_key() with a PEM containing both the certificate and the private key without calling esp_transport_ssl_set_client_cert_data() or passing the private_key parameter? For example, wpa2_client.pem (https://github.com/espressif/esp-idf/bl ... client.pem) contains both (in that PEM, the private key is encrypted, so passing private_key_passwd is required).
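
Whatever the answer turns out to be, the safe way to consume a combined PEM with the header quoted above is to hand each setter exactly one block. The C below is an added example, not ESP-IDF code and not the poster's: it splits a combined PEM (certificate plus private key, with any "Bag Attributes" lines that openssl pkcs12 puts in front) into two separate NUL-terminated buffers and reports whether the key block is password protected. The two ESP-IDF calls in the comment at the end are hypothetical usage taken from the quoted header; the page does not show whether the transport counts the terminating NUL in `len`, so the buffers are NUL-terminated either way, and `*_len` is the byte count without the NUL (mbedTLS PEM parsers such as mbedtls_x509_crt_parse want the NUL counted, i.e. len + 1). The sample PEM is constructed; its base64 bodies are placeholders, not real key material.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Each buffer is heap-allocated, NUL-terminated and holds one PEM block plus a
 * trailing newline. *_len counts bytes without the NUL. */
typedef struct {
    char *cert;  size_t cert_len;
    char *key;   size_t key_len;
    int key_encrypted;   /* 1 when the key block is password protected */
} pem_parts_t;

/* Find the next "-----BEGIN <label>----- ... -----END <label>-----" block at or
 * after `cur`. Matching the END line to the BEGIN label keeps a key block from
 * being cut short by the footer of some other block type. */
static int pem_next_block(const char *cur, const char **blk, size_t *blk_len,
                          const char **label, size_t *label_len, const char **next)
{
    char endmark[96];
    const char *b = strstr(cur, "-----BEGIN ");
    if (!b) return 0;
    const char *lab = b + 11;                     /* strlen("-----BEGIN ") */
    const char *lab_end = strstr(lab, "-----");
    if (!lab_end) return 0;
    size_t ll = (size_t)(lab_end - lab);
    if (ll + 14 >= sizeof endmark) return 0;      /* "-----END " + label + "-----" */
    memcpy(endmark, "-----END ", 9);
    memcpy(endmark + 9, lab, ll);
    memcpy(endmark + 9 + ll, "-----", 6);         /* copies the NUL too */
    const char *e = strstr(lab_end, endmark);
    if (!e) return 0;
    *blk = b;  *blk_len = (size_t)(e + ll + 14 - b);
    *label = lab;  *label_len = ll;  *next = e + ll + 14;
    return 1;
}

/* Copy one block into a fresh buffer, add '\n' and the terminating NUL. */
static char *pem_dup_block(const char *blk, size_t n, size_t *out_len)
{
    char *buf = malloc(n + 2);
    if (!buf) return NULL;
    memcpy(buf, blk, n);
    buf[n] = '\n';  buf[n + 1] = '\0';
    *out_len = n + 1;
    return buf;
}

/* Split `pem` into its first certificate and first private-key block, skipping
 * anything outside them. Returns 0 when both were found, -1 otherwise. */
int pem_split(const char *pem, pem_parts_t *out)
{
    const char *cur = pem, *blk, *lab, *next;
    size_t n, ll;
    memset(out, 0, sizeof *out);
    while (pem_next_block(cur, &blk, &n, &lab, &ll, &next)) {
        if (!out->cert && ll == 11 && memcmp(lab, "CERTIFICATE", 11) == 0) {
            out->cert = pem_dup_block(blk, n, &out->cert_len);
        } else if (!out->key && ll >= 11 && memcmp(lab + ll - 11, "PRIVATE KEY", 11) == 0) {
            /* Matches "PRIVATE KEY" (PKCS#8), "RSA/EC PRIVATE KEY" (legacy)
             * and "ENCRYPTED PRIVATE KEY" (PKCS#8 with a password). */
            out->key = pem_dup_block(blk, n, &out->key_len);
            if (out->key)
                out->key_encrypted =
                    (ll == 21 && memcmp(lab, "ENCRYPTED PRIVATE KEY", 21) == 0) ||
                    strstr(out->key, "Proc-Type: 4,ENCRYPTED") != NULL; /* legacy header */
        }
        cur = next;
    }
    return (out->cert && out->key) ? 0 : -1;
}

void pem_parts_free(pem_parts_t *p)
{
    free(p->cert);  free(p->key);
    memset(p, 0, sizeof *p);
}

/* Constructed sample in the layout openssl emits for a cert plus an encrypted
 * legacy key; the base64 bodies are placeholders, not real key material. */
const char SAMPLE_PEM[] =
    "Bag Attributes\n"
    "    friendlyName: example client\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q0VSVElGSUNBVEUtUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n"
    "\n"
    "S0VZLVBMQUNFSE9MREVSLU5PVC1BLVJFQUwtS0VZ\n"
    "-----END RSA PRIVATE KEY-----\n";

int main(void)
{
    pem_parts_t parts;
    if (pem_split(SAMPLE_PEM, &parts) != 0) {
        fputs("PEM lacks a certificate or private-key block\n", stderr);
        return 1;
    }
    printf("cert %zu bytes, key %zu bytes, key encrypted: %d\n",
           parts.cert_len, parts.key_len, parts.key_encrypted);
    /* Hypothetical on-device usage, `t` being an esp_transport_handle_t:
     *   esp_transport_ssl_set_client_cert_data(t, parts.cert, (int)parts.cert_len);
     *   esp_transport_ssl_set_client_key_data(t, parts.key, (int)parts.key_len);
     * The quoted header says the transport stores the pointers, so the buffers
     * must outlive the connection; this stand-alone demo frees them at once. */
    pem_parts_free(&parts);
    return 0;
}
```

Two practical notes. The header quoted above has no password parameter, so a key block flagged `key_encrypted` (as in the wpa2_client.pem case the post mentions) cannot be used with those two setters as-is; the flag lets the firmware fail early with a clear message instead of at handshake time. And because the setters keep the pointer rather than copying, the split buffers must not be freed while the connection exists.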

DurandA
Posts: 17
Joined: Thu Nov 26, 2015 11:51 pm

Re: Certificates with embedded private key

Postby DurandA » Sun Sep 15, 2019 12:54 am

It would be helpful to have a quick answer from an Espressif engineer since we don't have access to the implementation.
