Table of Contents
Advertisement
Chapter 2. API Reference
CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN
Enable hardware ECDSA sign acceleration when using ATECC608A
Found in:
Component config
This option enables hardware acceleration for ECDSA sign function, only when using ATECC608A
cryptoauth chip (integrated with ESP32-WROOM-32SE)
Default value:
• No (disabled)
CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY
Enable hardware ECDSA verify acceleration when using ATECC608A
Found in:
Component config
This option enables hardware acceleration for ECDSA sign function, only when using ATECC608A
cryptoauth chip (integrated with ESP32-WROOM-32SE)
Default value:
• No (disabled)
CONFIG_MBEDTLS_HAVE_TIME
Enable mbedtls time support
Found in:
Component config
Enable use of time.h functions (time() and gmtime()) by mbedTLS.
This option doesn' t require the system time to be correct, but enables functionality that requires relative
timekeeping - for example periodic expiry of TLS session tickets or session cache entries.
Disabling this option will save some firmware size, particularly if the rest of the firmware doesn't call
any standard timekeeeping functions.
Default value:
• Yes (enabled)
CONFIG_MBEDTLS_HAVE_TIME_DATE
Enable mbedtls certificate expiry check
Found in:
Component config
Enables X.509 certificate expiry checks in mbedTLS.
If this option is disabled (default) then X.509 certificate "valid from"and "valid to"timestamp fields
are ignored.
If this option is enabled, these fields are compared with the current system date and time. The time
is retrieved using the standard time() and gmtime() functions. If the certificate is not valid for the
current system time then verification will fail with code MBEDTLS_X509_BADCERT_FUTURE or
MBEDTLS_X509_BADCERT_EXPIRED.
Enabling this option requires adding functionality in the firmware to set the system clock to a valid
timestamp before using TLS. The recommended way to do this is via ESP-IDF's SNTP functionality,
but any method can be used.
In the case where only a small number of certificates are trusted by the device, please carefully consider
the tradeoffs of enabling this option. There may be undesired consequences, for example if all trusted
certificates expire while the device is offline and a TLS connection is required to update. Or if an issue
with the SNTP server means that the system time is invalid for an extended period after a reset.
Default value:
Espressif Systems
>
mbedTLS
>
mbedTLS
>
mbedTLS
>
mbedTLS
>
CONFIG_MBEDTLS_HAVE_TIME
1190
Submit Document Feedback
Release v4.4
Advertisement
Table of Contents
Need help?
Do you have a question about the ESP32-S2 and is the answer not in the manual?
Questions and answers