Improving wolfSSL integration with the Espressif ESP-IDF (IDFGH-13019)

[gojimmypi]

Answers checklist.

• I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
• I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
• I have searched the issue tracker for a similar issue and not found a similar issue.

General issue report

Improving wolfSSL integration with the Espressif ESP-IDF

This is an anchor GitHub issue to track the various upcoming pull requests and other issues related to improving the wolfSSL cryptographic library integration with the Espressif ESP-IDF.

The wolfSSL libraries are available for a given project, but the integration with the ESP-IDF core is not as robust as it should be.

There's a companion issue at wolfSSL: wolfSSL/wolfssl#7640

Features To Do

• Include wolfSSL as an ESP-IDF component. See preview here.
• Full wolfSSL ESP-TLS integration.
• Add wolfSSL support to bootloader_support
• Add wolfSSL support to bt
• Add wolfSSL support to espcoredump
• Add wolfSSL support to esp_http_client example
• Add wolfSSL support to esp_https_server
• Add wolfSSL support to esp_http_server
• Add wolfSSL support to esp_rom
• Add wolfSSL support to lwip
• Add wolfSSL support to mqtt
• Add wolfSSL support to openthread
• Add wolfSSL support to protocomm
• Add wolfSSL support to wpa_supplicant
• CI/CD, Testing, Jenkins at wolfSSL
• change(esp-wolfssl): allow to enable OCSP support esp-wolfssl#24
• fix(esp-tls): make the wolfSSL backend send entire client certificate… (IDFGH-12621) #13618
• Change(component.cmake): check for missing component_target (IDFGH-13091) #14036

Reasons for choosing wolfSSL instead of mbedTLS

For serious commercial applications needing or users simply needing more capable, flexible, and actively supported libraries developers should choose wolfSSL.

wolfSSL is a TLS library. wolfSSL offers:

• optimal performance
• rapid integration
• hardware crypto support
• support for the most current standards.

wolfSSL is the best tested crypto support, the #1 TLS in IoT and the first embedded TLS 1.3 platform with TPM 2.0, MQTT, FIPS 140 certification, hardware crypto acceleration and secure enclave support. All products are backed by 24/7 support.

	wolfSSL	mbed TLS
TECHNOLOGY
Copyright	wolfSSL Inc.	Multiple Owners
Development Team	Original developers still on project	Based on XySSL/PolarSSL, not maintained by the original developers
Portability	"Portable Out of the Box Win32/64, Linux, OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, TRON/ITRON/µITRON, Micrium's µC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX, Keil RTX, TI-RTOS, Integrity OS"	Win32/64, Linux, OS X, Solaris, FreeBSD, NetBSD, OpenBSD, OpenWRT, iPhone (iOS), Xbox, Android, SeggerOS
Standards Support	SSLv3 - TLS 1.3, DTLS 1.0,1.2, 1.3	TLS 1.2/TLS 1.3 and DTLS 1.2
Server Support	YES	YES
Performance	Awesome! See our benchmarks page: https://www.wolfssl.com/docs/benchmarks/	Average
Hardware & Assembly Optimizations	- ARM Assembly Optimizations (Aarch32/Aarch64/Arm32/Cortex-M/Neon) - ARMv8 Cryptography Extensions - RISC-V Assembly - STM32 F2/F4/F7/L4/L5/U5/H5/H7 Hardware Crypto - ATECC608B, ST-SAFEA110, SE050, IoT-Safe - Single Precision Math (C and Assembly)	Some ARM optimizations
Command Line Utility	YES	NO
Certifications	YES (FIPS 140-3, DO-178 DAL-A)	NO
Certificate Revocation Support	CRL, OCSP, OCSP Stapling	CRL
Crypto Library Abstraction Layer	YES	NO
SSL Inspection (Sniffer) Support	YES	NO
Compression Support	zlib NO
OpenSSL Compatibility Layer	YES (Actively updated - over 1,600)	YES (Out of date)
Post Quantum Support	Kyber, LMS, XMSS and Dilithum/Falcon	NO
Supported Open Source Projects	OpenSSH, Stunnel, WPA Supplicant, lighttpd (lighty), cURL, mongoose, OpenVPN, NGINX and many others
Quality Assurance Testing	API Tests, Peer Review, Static Analysis, Product Specific Testing, Multiple Compilers, Benchmarks, Wrappers, Hardware Accelerated Testing, Security fuzzers (wolfSSL internal fuzzer, AFL, TLS Fuzzer, libFuzzer), known user configurations, external validation, big/little endian, multiple platforms (Embedded IOT Devices, Windows, Many Linux variants, MacOS, XCODE, Android)	Broken scripts
SUPPORT DOCUMENTATION LICENSING
Documentation	YES (complete manual, API reference, build instructions, extensions reference, tutorials, source code, benchmarking, examples)	PARTIAL (build instructions, API reference, source code)
Vulnerabilities	Fixes available within a few days	Fixes available few months or not at all
License Dual (GPLv2 / Commercial)	Dual (GPLv2 / Apache 2.0)
Royalty Free	YES	YES
Up to 24x7 Support	YES (Full support from native English speakers via email, phone, forums)	NO
FEATURES
Random Entropy	wolfRAND, NIST DRBG (SHA-256)	DRBG SHA-1/SHA2-256
Hashing/Cipher Functions	AES SIV/CFB/OFB, SHAKE, Blake2b/Blake2s, ECIES (ECC Enc/Dec)	NO
Public Key Options	Single Precision math, ECC Fixed Point cache ECC NIST	"modulo p" speedups
TLS Extensions	SNI, Max Fragment, ALPN, Trusted CA Indication, Truncated HMAC, Secure Renegotiation, Renegotiation Indication, Session Ticket, Extended Master Secret, Encrypt-Then-Mac, Quantum-Safe Hybrid Authentication	Max Fragment, Encrypt-Then-Mac

Getting Started with wolfSSL

If you are new to wolfSSL on the Espressif ESP32, this video
can help to get started:

Additional ESP-IDF specifics can be found in Espressif/ESP-IDF. The wolfSSL Manual is also a useful
resource.

The core Espressif IDE information for wolfSSL can be found here:

https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif

Included are the following examples:

• Bare-bones Template
• Simple TLS Client / TLS Server
• Cryptographic Test
• Cryptographic Benchmark

Managed Components

The wolfSSL libraries are already available as Espressif Managed Components from the ESP Registry for installation to a specific project.

• release

• wolfSSL wolfssl/wolfssl
• wolfSSH wolfssl/wolfssh
• wolfMQTT wolfssl/wolfmqtt
• wolfTPM wolfssl/wolftpm` (coming soon, see Initial Infineon I2C TPM support for Espressif ESP32 wolfSSL/wolfTPM#351)

staging/test Managed Components at the Espressif Component Registry.

• wolfSSL gojimmypi/mywolfssl
• wolfSSH gojimmypi/mywolfssh
• wolfMQTT gojimmypi/mywolfmqtt
• wolfTPM wolfssl/wolftpm (coming soon, see Initial Infineon I2C TPM support for Espressif ESP32 wolfSSL/wolfTPM#351)

For details on wolfSSL Managed Components, see these blogs:

• https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
• https://www.wolfssl.com/wolfmqtt-now-available-as-an-espressif-managed-component-includes-aws-iot-mqtt-example/
• https://www.wolfssl.com/wolfssh-now-available-as-an-espressif-managed-component-includes-ssh-echo-server-example/

PlatformIO

We are providing two different Official wolfSSL libraries for the ESP32: standard and another specifically for Arduino:

• wolfssl/wolfSSL

• wolfssl/Arduino-wolfSSL

There are also two different versions: the stable release versions (above) and these staging updates, with the latest post-release changes.

• wolfssl-staging/wolfSSL

• wolfssl-staging/Arduino-wolfSSL

See also the wolfSSL now supported on PlatformIO blog.

https://github.com/wolfSSL/wolfssl/tree/master/IDE/PlatformIO

Arduino

See Getting Started with wolfSSL on Arduino blog.

https://www.arduino.cc/reference/en/libraries/wolfssl/

https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO

wolfSSL for the Apple HomeKit on the ESP32

See the https://github.com/AchimPieters/esp32-homekit-demo

AchimPieters/esp32-homekit-demo#3

Additional wolfSSL updates related to the Espressif environment

See ESP32 Espressif Improvements - Roadmap Summary #6234

Have an idea for other improvements? Feel free to open a new issue or send us an email [email protected]

[igrr]

Include wolfSSL as an ESP-IDF component. See preview here.

Just wanted to mention that it's unlikely that we would accept such a PR due to the fact that wolfSSL is not compatible with IDF's Apache 2.0 license. So we have to distribute wolfSSL via the component registry, instead.

Outside of the scope of this ESP-IDF feature request, you might also want to include support for wolfSSL in https://github.com/project-chip/connectedhomeip, as that would allow using wolfSSL in Matter devices.

[gojimmypi]

Hi @igrr

it's unlikely that we would accept such a PR due to the fact that wolfSSL is not compatible with IDF's Apache 2.0 license.

I'm certainly not a licensing expert - but having only the Cmakelists.txt and user_settings.h file in the ESP-IDF components directory and allowing the end user to point to their own source code does not seem to be any sort of licensing conflict. Can you please clarify?

This method does not seem to be much different that using a submodule as in esp-wolfssl, while offering the end user the ability to easily plug in a more recent version of wolfSSL simply by changing a setting in idf.py menuconfig.

There would be no wolfSSL source code in the ESP-IDF components directory. I'm thinking the Kconfig options would allow something like this:

I'm open to suggestions, such as:

distribute wolfSSL via the component registry, instead

Is it possible to add core ESP-IDF support for wolfSSL via a Managed Component?

For instance, if I have a project: /workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/component_test and I add the Managed Component like this:

idf.py add-dependency "wolfssl/wolfssl^5.7.0"

The ESP-IDF environment does not see the local project managed component when compiling the IDF components. For example, I added this #include to components/esp_wifi/include/esp_wifi.h:

#include "wolfssl/wolfcrypt/settings.h"

... and of course the compiler does not see the local project component:

[2/212] Building C object esp-idf/wpa_supplicant/CMakeFiles/__idf_wpa_supplicant.dir/src/ap/wpa_auth.c.obj
FAILED: esp-idf/wpa_supplicant/CMakeFiles/__idf_wpa_supplicant.dir/src/ap/wpa_auth.c.obj 
C:\SysGCC\esp32\tools\xtensa-esp-elf\esp-13.2.0_20230928\xtensa-esp-elf\bin\xtensa-esp32-elf-gcc.exe -DCONFIG_CRYPTO_MBEDTLS -DCONFIG_ECC -DCONFIG_FAST_PBKDF2 -DCONFIG_IEEE80211W -DCONFIG_NO_RADIUS -DCONFIG_OWE_STA -DCONFIG_SAE -DCONFIG_SAE_PK -DCONFIG_SHA256 -DCONFIG_WPA3_SAE -DCONFIG_WPS -DEAP_MSCHAPv2 -DEAP_PEAP -DEAP_PEER_METHOD -DEAP_TLS -DEAP_TTLS -DESPRESSIF_USE -DESP_PLATFORM -DESP_SUPPLICANT -DIDF_VER=\"v5.2-dev-3903-g66992aca7a-dirty\" -DIEEE8021X_EAPOL -DMBEDTLS_CONFIG_FILE=\"mbedtls/esp_config.h\" -DSOC_MMU_PAGE_SIZE=CONFIG_MMU_PAGE_SIZE -DSOC_XTAL_FREQ_MHZ=CONFIG_XTAL_FREQ -DUSE_WPA2_TASK -DUSE_WPS_TASK -D_GLIBCXX_HAVE_POSIX_SEMAPHORE -D_GLIBCXX_USE_POSIX_SEMAPHORE -D_GNU_SOURCE -D_POSIX_READER_WRITER_LOCKS -D__ets__ -IC:/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/component_test/build/VisualGDB/Debug/config -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/port/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/esp_supplicant/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src/utils -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/esp_supplicant/src -IC:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src/crypto -IC:/SysGCC/esp32/esp-idf/v5.2/components/newlib/platform_include -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/config/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/config/include/freertos -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/config/xtensa/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/FreeRTOS-Kernel/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/include/freertos -IC:/SysGCC/esp32/esp-idf/v5.2/components/freertos/esp_additions/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_hw_support/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_hw_support/include/soc -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_hw_support/include/soc/esp32 -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_hw_support/port/esp32/. -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_hw_support/port/esp32/private_include -IC:/SysGCC/esp32/esp-idf/v5.2/components/heap/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/log/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/soc/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/soc/esp32 -IC:/SysGCC/esp32/esp-idf/v5.2/components/soc/esp32/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/hal/platform_port/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/hal/esp32/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/hal/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_rom/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_rom/include/esp32 -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_rom/esp32 -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_common/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_system/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_system/port/soc -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_system/port/include/private -IC:/SysGCC/esp32/esp-idf/v5.2/components/xtensa/esp32/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/xtensa/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/xtensa/deprecated_include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/include/apps -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/include/apps/sntp -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/lwip/src/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/port/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/port/freertos/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/port/esp32xx/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/port/esp32xx/include/arch -IC:/SysGCC/esp32/esp-idf/v5.2/components/lwip/port/esp32xx/include/sys -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/port/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/mbedtls/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/mbedtls/library -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/esp_crt_bundle/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/mbedtls/3rdparty/everest/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/mbedtls/3rdparty/p256-m -IC:/SysGCC/esp32/esp-idf/v5.2/components/mbedtls/mbedtls/3rdparty/p256-m/p256-m -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_timer/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_wifi/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_wifi/wifi_apps/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_event/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_phy/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_phy/esp32/include -IC:/SysGCC/esp32/esp-idf/v5.2/components/esp_netif/include -mlongcalls -Wno-frame-address  -g -fdiagnostics-color=always -ffunction-sections -fdata-sections -Wall -Werror=all -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=unused-but-set-variable -Wno-error=deprecated-declarations -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-enum-conversion -gdwarf-4 -ggdb -Og -fno-shrink-wrap -fmacro-prefix-map=C:/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/component_test=. -fmacro-prefix-map=C:/SysGCC/esp32/esp-idf/v5.2=/IDF -fstrict-volatile-bitfields -fno-jump-tables -fno-tree-switch-conversion -std=gnu17 -Wno-old-style-declaration -Wno-strict-aliasing -Wno-write-strings -Werror -Wno-format -MD -MT esp-idf/wpa_supplicant/CMakeFiles/__idf_wpa_supplicant.dir/src/ap/wpa_auth.c.obj -MF esp-idf\wpa_supplicant\CMakeFiles\__idf_wpa_supplicant.dir\src\ap\wpa_auth.c.obj.d -o esp-idf/wpa_supplicant/CMakeFiles/__idf_wpa_supplicant.dir/src/ap/wpa_auth.c.obj -c C:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src/ap/wpa_auth.c
In file included from C:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/port/include/os.h:24,
                 from C:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src/utils/common.h:14,
                 from C:/SysGCC/esp32/esp-idf/v5.2/components/wpa_supplicant/src/ap/wpa_auth.c:10:
C:/SysGCC/esp32/esp-idf/v5.2/components/esp_wifi/include/esp_wifi.h:63:10: fatal error: wolfssl/wolfcrypt/settings.h: No such file or directory
   63 | #include "wolfssl/wolfcrypt/settings.h"
      |          ^~~~~~~~~~~~~

I suppose the instructions could include copying that local project component to the ESP-IDF, but that seems a bit awkward.

My goal is to make it as easy as possible for anyone to use wolfSSL instead of mbedTLS in their projects.

Any other options or suggestions are appreciated.

Thank you for taking a look at this issue.

[igrr]

There would be no wolfSSL source code in the ESP-IDF components directory. I'm thinking the Kconfig options would allow something like this:

This (user having to specify paths in their system) is a pattern we are trying to avoid in ESP-IDF, because it results in projects which are not easily portable between different computers. Imagine a team of developers working on a project, and different developers have projects checked out in different locations. Options such as this one would be impossible to commit to a common sdkconfig file in the project repository.

I think the component registry already provides a convenient way to install wolfSSL. The trend we want to see is that in the future, more features are moved out of ESP-IDF into standalone components. I'd like to avoid taking a step in the reverse direction.

The ESP-IDF environment does not see the local project managed component when compiling the IDF components. For example, I added this #include to components/esp_wifi/include/esp_wifi.h:

This is possible, please see for example how it is done in esp-tls component. We possibly have to change that line a bit to also consider wolfssl__wolfssl component name in addition to the legacy esp-wolfssl one, but the idea would be the same.

[gojimmypi]

This (user having to specify paths in their system) is a pattern we are trying to avoid in ESP-IDF, because it results in projects which are not easily portable between different computers.

Yes, I agree. That's a very valid point.

I've also considered an option where the CMakeLists.txt would automatically git clone a specific version. That too, has pros and cons.

I think the component registry already provides a convenient way to install wolfSSL. ... see for example how it is done in esp-tls component

Great! That looks like a promising alternative. I don't see any idf_component.yml in that component, nor the parent directory. Is there a way for the end user to adjust the version, or do you envision a component version being fixed to a given ESP-IDF release?

It might be nice to have the user be able to select from the esp-wolfssl, the managed component, and even the custom directory.

Yes: although I completely agree with your portability concerns, I still find the ability to point to a specific component version source code location to be a useful feature (e.g. pointing to a different GitHub repo directory, allowing changes to be easily checked in, or selected from different branches or releases). I could limit this to wolfSSL examples if you'd prefer not to have this feature in the ESP-IDF.

Thanks very much being receptive to including wolfSSL in the ESP-IDF.

[igrr]

Great! That looks like a promising alternative. I don't see any idf_component.yml in that component, nor the parent directory. Is there a way for the end user to adjust the version, or do you envision a component version being fixed to a given ESP-IDF release?

The user would add idf_component.yml at the application level (e.g. in main component) and specify the dependency and the version there.

Other components (such as esp-tls and esp_wifi) can then detect the presence of wolfSSL component and enable the corresponding implementations — as done now in esp-tls, except for updating the component name.

I still find the ability to point to a specific component version source code location to be a useful feature

This is still doable within the framework of the component manager. It allows specifying a dependency not only on a version published in the component registry, but also a branch or commit in a Git repository, or from a local directory: https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html#dependencies-from-local-directory (and the section below).

So I still don't see a strong need to introduce a Kconfig option for source code path, or handling of this option in CMake.

[gojimmypi]

The user would add idf_component.yml at the application level (e.g. in main component)

AHA! I didn't understand the part about using idf_component_get_property in the ESP-IDF, in particular the wolfssl__wolfssl name of the managed component can be used instead of the esp-wolfssl repository name. Thanks for the link to the docs, I had not seen that.

I've confirmed by adding this line:

idf_component_get_property(wolfssl wolfssl__wolfssl COMPONENT_LIB)

... to the esp-tls/CMakeLists.txt like this:

if(CONFIG_ESP_TLS_USING_WOLFSSL)
    idf_component_get_property(wolfssl wolfssl__wolfssl COMPONENT_LIB)
    target_link_libraries(${COMPONENT_LIB} PUBLIC ${wolfssl})
endif()

... that indeed the ESP-IDF components can find the local project wolfssl Managed Component. That's a clever implementation! I like it!! I agree this is a considerably better way of implementing a 3rd party component in the ESP-IDF.

Reminder for future reference: The idf_component_get_property needs to be added after the idf_component_register(...).

In my esp-wifi-h example above, I was also able to resolve the compiler error with the same section of code idf_component_get_property()... in the respective CmakeLists.txt.

There's a bit more work required on my part. In particular the currently published managed component (the 5.7.0 release) unfortunately does not include the Kconfig file setting for TLS_STACK_WOLFSSL. Thus even when selecting wolfssl in the menuconfig, the setting quietly falls back to not using wolfSSL due to the Kconfig dependency.

I still don't see a strong need to introduce a Kconfig option for source code path, or handling of this option in CMake.

For the typical end user, you are probably right. But from a component developer's perspective of modification of the component and contributing to the upstream source repository... how would you see that working? The Managed Component is static, disconnected source code, no? This is probably not an important issue for the ESP-IDF, but I personally find it quite appealing while developing the component. In the case of wolfSSL, there are continual, daily changes.

@igrr - Thank you so much for your help. I'm glad I asked in advance! Stay tuned while I put together a PR and publish a fresh wolfssl managed component.

Best Regards,

Jim

[igrr]

But from a component developer's perspective of modification of the component and contributing to the upstream source repository... how would you see that working?

There is an additional property called override_path you can add in the manifest when specifying a dependency.

Here is an example: https://github.com/espressif/idf-extra-components/blob/46213e9adb3fd3e09829afdbcb287cd2e5e06ea7/catch2/examples/catch2-console/main/idf_component.yml#L4. This line tells the component manager that if it is able to find a catch2 directory at the specified location (in this case, 3 directory levels up), it should use that as the component location, instead of downloading the component from the registry.

This approach works in cases when examples are somewhere inside a repository with the managed component, like with this catch2 component. Developers can work on an example project, while making changes to the component outside of the example project. Nothing gets downloaded, you can simply change the component and recompile the example project.

When the component is uploaded to the registry, the registry automatically removes override_path from from all the manifests, so that if somebody downloads the same example/component from the registry, we don't end up looking at the non-existent override_path.

(I have tried to explain this and other things in my last year's talk (https://igrr.github.io/edc23/1, https://www.youtube.com/watch?v=D86gQ4knUnc), perhaps you could go through it again? I think it will answer some of your questions.)

[gojimmypi]

There is an additional property called override_path you can add in the manifest when specifying a dependency.

Ah, I see. That's a good idea. I'd certainly rather follow the standards.

other things in my last year's talk

@igrr I had forgotten about the presentation! Thank you for the reminder. It is very helpful.

btw - It is an awesome presentation, particularly the companion https://igrr.github.io/edc23/1.

Thanks again for all your help & feedback.