Add an example for how to enable TLS verification. (#381)

* Add an example for how to enable TLS verification.

TLS should really be used with verification enabled, as otherwise you
can still suffer from a "man in the middle" attack. Add an example that
demonstrates how to do this.

Fixes #337

pico_w/wifi/tls_client/CMakeLists.txt

@@ -1,5 +1,6 @@
 add_executable(picow_tls_client_background
         picow_tls_client.c
+        tls_common.c
         )
 target_compile_definitions(picow_tls_client_background PRIVATE
         WIFI_SSID=\"${WIFI_SSID}\"
@@ -19,6 +20,7 @@ pico_add_extra_outputs(picow_tls_client_background)
 
 add_executable(picow_tls_client_poll
         picow_tls_client.c
+        tls_common.c
         )
 target_compile_definitions(picow_tls_client_poll PRIVATE
         WIFI_SSID=\"${WIFI_SSID}\"
@@ -36,6 +38,30 @@ target_link_libraries(picow_tls_client_poll
         )
 pico_add_extra_outputs(picow_tls_client_poll)
 
+# This version verifies the tls connection with a certificate
+add_executable(picow_tls_verify_background
+        tls_verify.c
+        tls_common.c
+        )
+target_compile_definitions(picow_tls_verify_background PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        # By default verification is optional (MBEDTLS_SSL_VERIFY_OPTIONAL)
+        # Make it required for this test
+        ALTCP_MBEDTLS_AUTHMODE=MBEDTLS_SSL_VERIFY_REQUIRED
+        )
+target_include_directories(picow_tls_verify_background PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts
+        )
+target_link_libraries(picow_tls_verify_background
+        pico_cyw43_arch_lwip_threadsafe_background
+        pico_lwip_mbedtls
+        pico_mbedtls
+        pico_stdlib
+        )
+pico_add_extra_outputs(picow_tls_verify_background)
+
 # Ignore warnings from lwip code
 set_source_files_properties(
         ${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c