Improve PlatformIO Certificate Bundle Support

.wolfssl_known_macro_extras

@@ -96,6 +96,7 @@ CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
 CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
+CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
 CONFIG_FREERTOS_HZ
 CONFIG_FREERTOS_UNICORE
 CONFIG_IDF_TARGET
@@ -286,6 +287,7 @@ IOTSAFE_NO_GETDATA
 IOTSAFE_SIG_8BIT_LENGTH
 KCAPI_USE_XMALLOC
 K_SERIES
+LIBWOLFSSL_CMAKE_OUTPUT
 LIBWOLFSSL_VERSION_GIT_BRANCH
 LIBWOLFSSL_VERSION_GIT_HASH
 LIBWOLFSSL_VERSION_GIT_HASH_DATE
@@ -415,6 +417,7 @@ NO_WOLFSSL_SHA256_INTERLEAVE
 NO_WOLFSSL_SHA512_INTERLEAVE
 NO_WOLFSSL_SKIP_TRAILING_PAD
 NO_WOLFSSL_SMALL_STACK_STATIC
+NO_WOLFSSL_USE_ASM_CERT
 NO_WOLFSSL_XILINX_TAG_MALLOC
 NRF52
 NRF52_SERIES
@@ -456,6 +459,7 @@ SHOW_CERTS
 SHOW_GEN
 SHOW_SIZES
 SHOW_SSID_AND_PASSWORD
+SHOW_WOLFSSL_BUNDLE_ERROR
 SIM_SCGC3_RNGA_MASK
 SIM_SCGC5_PORTC_MASK
 SIM_SCGC5_PORTD_MASK

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig

@@ -274,10 +274,28 @@ menu "wolfSSL"
                     bool "Do not use the default certificate bundle"
             endchoice
 
+            config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
+                depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                default n
+                bool "Use alternate certificate bundle"
+                help
+                    Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
+                    Enable this option to specify a fixed wolfSSL certificate file path and file name.
+
+            config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
+                depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
+                string "Default certificate bundle alternate path and name"
+                default "./certs/x509_crt_bundle_wolfssl"
+                help
+                    Name of the default certificate bundle directory. Typically used only with PlatformIO.
+                    Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
+                    paths are with respect to root of this project.
+
             config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
                 depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
                 default n
                 bool "Add custom certificates to the default bundle"
+
             config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
                 depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
                 string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
             help
                 Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
 
+        config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
+            bool "Suppress build-time warnings for main stack size"
+            default n
+            help
+                Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
+
         config ESP_WOLFSSL_TEST_LOOP
             bool "Run test apps in a loop until failure"
             default y

IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h

@@ -853,13 +853,18 @@
     #ifndef NO_RSA
         #define ESP32_USE_RSA_PRIMITIVE
 
-        #if defined(CONFIG_IDF_TARGET_ESP32)
-            #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+        #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
+            /* See idf.py menuconfig for stack warning settings */
+            #if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
                 #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
-                    #warning "RSA may be difficult with less than 10KB Stack "/
+                    #warning "RSA may be difficult with less than 10KB Stack"
                 #endif
+            #else
+                /* Implement your own stack warning here */
             #endif
+        #endif
 
+        #if defined(CONFIG_IDF_TARGET_ESP32)
             /* NOTE HW unreliable for small values! */
             /* threshold for performance adjustment for HW primitive use   */
             /* X bits of G^X mod P greater than                            */