
tcp_transport: added API for client-key password

David Cermak 6 lat temu
rodzic
commit
b69ac4448e

+ 1 - 1
components/esp-tls/esp_tls_mbedtls.c

@@ -266,7 +266,7 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki)
         }
 
         ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes,
-                                   NULL, 0);
+                                   pki->privkey_password, pki->privkey_password_len);
         if (ret < 0) {
             ESP_LOGE(TAG, "mbedtls_pk_parse_keyfile returned -0x%x", -ret);
             ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_MBEDTLS, -ret);
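Review bot: The error branch right after the changed call logs the wrong function name, and now that a password can be involved the diagnostic matters more, since an encrypted key with a missing or wrong password fails here with only a bare hex code; change the log line to `ESP_LOGE(TAG, "mbedtls_pk_parse_key returned -0x%x", -ret);`. It would also help to note in a comment on the call that `pki->privkey_password` is forwarded verbatim, so callers that leave it unset presumably must pass NULL with length 0 for unencrypted keys, and that decrypting an encrypted PEM key depends on the PEM and cipher support compiled into mbedTLS — both to be confirmed against the esp_tls configuration, which is not shown. set_pki_context starts and ends outside the hunk.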

+ 10 - 0
components/tcp_transport/include/esp_transport_ssl.h

@@ -92,6 +92,16 @@ void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const
  */
 void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
 
+/**
+ * @brief      Set SSL client key password if the key is password protected. The configured
+ *             password is passed to the underlying TLS stack to decrypt the client key
+ *
+ * @param      t     ssl transport
+ * @param[in]  password  Pointer to the password
+ * @param[in]  password_len   Password length
+ */
+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len);
+
 /**
  * @brief      Set SSL client key data for mutual authentication (as DER format).
  *             Note that, this function stores the pointer to data, rather than making a copy.
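Review bot: The new doc block for esp_transport_ssl_set_client_key_password omits the ownership caveat that the neighbouring setters carry, even though the matching implementation stores the pointer rather than copying the bytes. Add a line to the @brief such as `Note that, this function stores the pointer to password, rather than making a copy, so the buffer must stay valid (and unmodified) for the lifetime of the transport; it is not zeroised by the transport.` A short hint that the password is only consulted when the configured client key is encrypted, and that `password_len` must be non-negative, would complete the contract.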

+ 9 - 0
components/tcp_transport/transport_ssl.c

@@ -245,6 +245,15 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
     }
 }
 
+void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len)
+{
+    transport_ssl_t *ssl = esp_transport_get_context_data(t);
+    if (t && ssl) {
+        ssl->cfg.clientkey_password = (void *)password;
+        ssl->cfg.clientkey_password_len = password_len;
+    }
+}
+
 void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len)
 {
     transport_ssl_t *ssl = esp_transport_get_context_data(t);
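Review bot: esp_transport_ssl_set_client_key_password stores `password_len` without validating it, and `int` is a signed type while the destination `clientkey_password_len` (declared in esp_tls, not shown here) is presumably unsigned, so a negative length would wrap into a huge value that reaches mbedtls_pk_parse_key; reject it with `if (t && ssl && password_len >= 0) {`. The `(void *)password` cast silently drops `const`; if the config field cannot be made `const void *`, a comment that the transport never writes through the pointer would at least document the intent. The function also keeps a raw pointer to a secret for the transport's lifetime, matching the sibling setters, which is worth stating in a comment so callers do not wipe the buffer after the call. The pre-check call to esp_transport_get_context_data(t) before testing `t` mirrors the existing setters, so that is consistent with the file rather than a new issue.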