Re-examine use of lib/mbedtls, lib/mbedtls_config, lib/mbedtls_errors #10294

Open
@dhalbert

mbedtls for CYW43 (Pico W) is provided by lib/mbedtls. For Espressif, we use the ESP-IDF component/mbedtls. But since pico-sdk 1.5.0, mbedtls is included as a submodule in pico-sdk, and an API was added.

#8926 moved ssl to shared-module, which was welcome, allowing a lot of shared code.

ESP-IDF v5.4 changed the in-flash root cert list format (see 62d16ce), which necessitated going back to ESP-IDF code for cert bundle management, instead of using the code in lib/mbedtls_config.

As the SDKs update their own use of mbedtls, version skew like this may continue to happen. Consider using the SDK-native mbedtls support in pico-sdk instead of the version copied from ESP-IDF, and using the version of mbedtls in pico-sdk to match that. A wrapper API could be developed for shared-module/ssl that has separate implementations for pico-sdk and ESP-IDF.
