Merge branch 'feat/update_esp_tls_as_mbedtls_update_v3.4' into 'release/v3.4'

feat(esp-tls): update to upstream 3.6.3

See merge request sdk/ESP8266_RTOS_SDK!1714

components/esp-tls/esp_tls_mbedtls.c

@@ -389,6 +389,10 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
             return ESP_ERR_MBEDTLS_SSL_SET_HOSTNAME_FAILED;
         }
         free(use_host);
+#ifdef CONFIG_MBEDTLS_V3
+    } else {
+         mbedtls_ssl_set_hostname(&tls->ssl, NULL);
+#endif
     }
 
     if ((ret = mbedtls_ssl_config_defaults(&tls->conf,

components/mbedtls/mbedtls_v3/Kconfig

@@ -1148,3 +1148,9 @@ config MBEDTLS_USE_CRYPTO_ROM_IMPL
         the flash footprint and hence care must be taken to keep some reserved space
         for the application binary in flash layout.
 
+    config MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
+        bool "Allow weak certificate verification"
+        default n
+        help
+            This options allows weak certificate verification by skipping the hostname verification.
+            It is not recommended to use this option.

components/mbedtls/mbedtls_v3/port/include/mbedtls/esp_config.h

@@ -2078,6 +2078,21 @@
 #undef MBEDTLS_ERROR_C
 #endif
 
+/**
+ * \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ *
+ * Caller: library/ssl_tls.c
+ *
+ * Allow weak certificate verification without a hostname.
+ * This option is not recommended for production use.
+ */
+
+#if CONFIG_MBEDTLS_ALLOW_WEAK_CERTIFICATE_VERIFICATION
+#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+#else
+#undef MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+#endif
+
 /**
  * \def MBEDTLS_GCM_C
  *