diff --git a/ports/raspberrypi/common-hal/ssl/SSLSocket.c b/ports/raspberrypi/common-hal/ssl/SSLSocket.c index 72a5ba4fae..dd1f50d29a 100644 --- a/ports/raspberrypi/common-hal/ssl/SSLSocket.c +++ b/ports/raspberrypi/common-hal/ssl/SSLSocket.c @@ -174,7 +174,14 @@ ssl_sslsocket_obj_t *common_hal_ssl_sslcontext_wrap_socket(ssl_sslcontext_obj_t if (self->crt_bundle_attach != NULL) { mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_REQUIRED); self->crt_bundle_attach(&o->conf); - // } else if(self->cacert_buf && self->cacert_bytes) { // TODO: user bundle + } else if (self->cacert_buf && self->cacert_bytes) { + ret = mbedtls_x509_crt_parse(&o->cacert, self->cacert_buf, self->cacert_bytes); + if (ret != 0) { + goto cleanup; + } + mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_ssl_conf_ca_chain(&o->conf, &o->cacert, NULL); + } else { mbedtls_ssl_conf_authmode(&o->conf, MBEDTLS_SSL_VERIFY_NONE); }