eSDK provides a built-in TLS implementation based on MbedTLS for platforms that want to support HTTPS out of the box.
The integration is required to support and manage an exhaustive list of CA Root Certificates for peer authentication.
- eSDK supports TLS through the built-in MbedTLS implementation.
- The integration provides and manages the lifecycle of CA Root certificates.
HTTPS support is required in order to provide:
- Playback of podcasts hosted outside Spotify
- User privacy
- Future use of modern protocols for eSDK to Spotify backend communication.
Note: eSDK has a software abstraction for the TLS stack, so it is possible for the integration to implement the full HTTPS stack.
Please refer to spotify_embedded_tls.h for more detail on the APIs to implement.
There are two APIs that the integration needs to implement in order to get HTTPS support, one for adding certificates and the other for freeing them:
Add New Certificates
SpTLSAddCARootCert(const uint8_t *certificate, size_t length, int *underlying_error)
- This API is cumulative: it can be called several times until the integration has loaded all the certificates.
- This API must be called before calling SpInit or after SpFree.
- This API allocates and owns the memory to store the certificates. The integration can reuse the memory used to pass the certificates (first parameter).
This API must be called before calling SpInit or after SpFree.
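The cumulative, copy-on-add behaviour described under Add New Certificates, shown as an added example (not code from eSDK or its documentation): a loader that splits a PEM bundle and hands each certificate to the add call through one reused buffer. The names `load_ca_bundle`, `add_ca_fn`, `fake_add`, `demo_load` and `kBundle` are hypothetical; the `int` return with 0 meaning success, and passing PEM text with its terminating NUL counted in the length, are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"
/* Parameters as given for SpTLSAddCARootCert; int return (0 = ok) is assumed. */
typedef int (*add_ca_fn)(const uint8_t *cert, size_t len, int *underlying_error);

/* Passes each PEM certificate in bundle to add(), one call each, via a scratch
 * buffer overwritten every time (the API keeps its own copy). Returns the count,
 * or -1 for a block with no END of its own, one too big for scratch, or a reject. */
int load_ca_bundle(const char *bundle, uint8_t *scratch, size_t scratch_len,
                   add_ca_fn add, int *underlying_error)
{
    int count = 0;
    for (const char *p = bundle; (p = strstr(p, PEM_BEGIN)) != NULL; count++) {
        const char *end = strstr(p, PEM_END);
        const char *next = strstr(p + 1, PEM_BEGIN);
        if (end == NULL || (next != NULL && next < end))
            return -1;
        size_t len = (size_t)(end - p) + strlen(PEM_END);
        if (len + 1 > scratch_len)
            return -1;
        memcpy(scratch, p, len);
        scratch[len] = '\0';  /* assumption: PEM is passed NUL-terminated and
                                 the NUL is counted, as MbedTLS parsing needs */
        if (add(scratch, len + 1, underlying_error) != 0)
            return -1;
        p += len;
    }
    return count;
}

/* Hypothetical stand-in for the SDK call: accepts NUL-terminated PEM blocks. */
static int fake_add(const uint8_t *cert, size_t len, int *underlying_error)
{
    *underlying_error = 0;
    return !(cert[len - 1] == '\0' && memcmp(cert, PEM_BEGIN, sizeof PEM_BEGIN - 1) == 0);
}

/* Constructed bundle: the bodies are placeholders, not real certificates. */
const char kBundle[] =
    PEM_BEGIN "\nQUFB\n" PEM_END "\n" PEM_BEGIN "\nQkJC\n" PEM_END "\n";

int demo_load(const char *bundle, size_t scratch_len)
{
    static uint8_t scratch[256];
    int err = 0;
    return load_ca_bundle(bundle, scratch, scratch_len, fake_add, &err);
}
```

Treat a result of 0 or -1 as fatal for HTTPS: an empty trust store cannot authenticate any peer. After -1 some certificates may already be loaded, so release them with the freeing API before retrying.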