The PR removed the bulk of non-newlib headers from the NodeMCU source base.
app/libc has now been cut down to the bare minimum overrides to shadow the
corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been
nuked in favour of the standard <xyz.h> headers, with a few exceptions over in
sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're
still living on a prayer that libc was configured the same was as a default-configured
xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately,
but it's no worse than it has been before.
This enables our source files to compile successfully using the standard header files,
and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and
memwhatever()s. These end up, through macro and linker magic, mapped to the
appropriate SDK or ROM functions.
* Update TLS protocol support
TLS1.0 is past PCI's EOL; BEAST is no more
Enable elliptic curve key exchanges
Do not enable the smallest ECs for security
Do not enable the largest ECs for computational time
Do not enable 25519 (sad) because it doesn't go across the wire
Drop non-PFS key exchanges
Drop ARC4, Blowfish, DES, genprime, XTEA code
Drop renegotiation support completely
It takes so much heap that it's not likely to work out well
Tidy handling of SSL_BUFFER_SIZE
Update docs
Drop mention of startcom, since they are no more, for letsencrypt
* Update mbedtls to 2.7.7
Preserve our vsnprintf and platform hacks
* Introduce TLS maximum fragment size knob
Reduce buffer size to 4Ki by default and advertize that. That's the
largest we can advertize with the TLS MFL extension, so there's no
point in making them larger. The truly adventurous can re-raise
SSL_BUFFER_SIZE and undefine the SSL_MAX_FRAGMENT_LENGTH_CODE and get
back to the earlier behavior.
* Default to mbedTLS debug with DEVELOP_VERSION
* mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8)
Wholesale import, with a few changes from earlier preserved through.
Ideally we would soon get to the point of having no divergences from
upstream.
* tls: add function to adjust mbedTLS debug level
* mbedTLS update
* mbedtls: vsnprintf macroification
* Further update mbedTLS to 2.6.1
* mbedtls: make debugging work again
* Silence SSL messages on normal teardown
* Drop DTLS support from mbedtls
* Update LWIP from SDK
* mbedTLS integration
* Fix argument type in dbg_printf (#1624)
* Migrate to espressif’s download center (#1604)
* Fixed BBS links to firmware
* Adjust net module docs with mbedTLS info
* Remove unrelevant axTLS notice
Johny Mattsson
Nathaniel Wesley Filardo
Yury Popov