feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285)

[johanstokking]

Fantastic project guys. Here's something I use that you might want to take into consideration: supporting the DS peripheral for mutual TLS.

Example usage with https://github.com/espressif/esp_secure_cert_mgr/:

    char *client_cert = NULL;
    uint32_t client_cert_len = 0;
    esp_err_t ret = esp_secure_cert_get_device_cert(&client_cert, &client_cert_len);
    assert(esp_ret == ESP_OK);

    esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
    assert(ds_data != NULL);

    esp_websocket_client_config_t config = {
        .uri = "wss://echo.websocket.org",
        .client_cert = client_cert, /* in this example it's PEM so client_cert_len is not set */
        .client_ds_data = ds_data,
        .crt_bundle_attach = esp_crt_bundle_attach,
    };

I considered adding this to the example project, but I feel like it gets bloated quickly with dependencies and ifdefs.

[CLAassistant]

All committers have signed the CLA.

[johanstokking]

@gabsuren Can you shed some light on this? Thanks!

[gabsuren]

@gabsuren Can you shed some light on this? Thanks!

Sorry for the late response, it's on the line with #621

[david-cermak]

@johanstokking Thanks for implementing this useful feature. I've tested locally and it works as expected.

I also think that we shouldn't add more configs and user options to the current example. It's already quite hard to follow for first-time users.
It would be helpful though to add a few sentences to the README.

Could you please make the following changes:

• Rebase your PR onto the recent master?
• Add the info you shared here: feat(websocket): Support DS peripheral for mutual TLS (IDFGH-12285) #520 (comment) to the example's README.md -- just add a section about the DS mode , including the dependency:

idf.py add-dependency esp_secure_cert_mgr

[johanstokking]

@david-cermak I implemented your suggestions. I got myself briefly in the rabbit hole of rendering per-target documentation pages (to render the DS peripheral section conditionally on SOC_DIG_SIGN_SUPPORTED, like supported in esp-idf repo), but I have too little experience with this docs system to implement that properly.

This is what the TLS section looks like:

[david-cermak]

Nice, thanks for the updates (and those little fixes to the docs)!

[david-cermak]

This is what the TLS section looks like:

sorry, hit edit instead of reply. wanted to say that we don't generate the docs for each target, only one static page.