jacob.eva/arduino-esp32
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
05a3de262a
arduino-esp32/libraries/WiFiClientSecure/src/ssl_client.cpp

262 lines
8.8 KiB
C++
Raw Normal View History

Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
/* Provide SSL/TLS functions to ESP32 with Arduino IDE
*
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
* Adapted from the ssl_client1 example of mbedtls.
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
*
* Original Copyright (C) 2006-2015, ARM Limited, All Rights Reserved, Apache 2.0 License.
* Additions Copyright (C) 2017 Evandro Luis Copercini, Apache 2.0 License.
*/
#include "Arduino.h"
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
#include <esp32-hal-log.h>
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
#include <lwip/sockets.h>
#include <lwip/err.h>
#include <lwip/sockets.h>
#include <lwip/sys.h>
#include <lwip/netdb.h>
#include "ssl_client.h"
const char *pers = "esp32-tls";
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
static int handle_error(int err)
{
#ifdef MBEDTLS_ERROR_C
char error_buf[100];
mbedtls_strerror(err, error_buf, 100);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("%s", error_buf);
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
#endif
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("MbedTLS message code: %d", err);
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return err;
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
void ssl_init(sslclient_context *ssl_client)
{
mbedtls_ssl_init(&ssl_client->ssl_ctx);
mbedtls_ssl_config_init(&ssl_client->ssl_conf);
mbedtls_ctr_drbg_init(&ssl_client->drbg_ctx);
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key)
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
{
char buf[512];
int ret, flags, len, timeout;
int enable = 1;
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Free heap before TLS %u", xPortGetFreeHeapSize());
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Starting socket");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
ssl_client->socket = -1;
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
ssl_client->socket = lwip_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ssl_client->socket < 0) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("ERROR opening socket");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return ssl_client->socket;
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
struct sockaddr_in serv_addr;
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = ipAddress;
serv_addr.sin_port = htons(port);
if (lwip_connect(ssl_client->socket, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) == 0) {
timeout = 30000;
lwip_setsockopt(ssl_client->socket, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout));
lwip_setsockopt(ssl_client->socket, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout));
lwip_setsockopt(ssl_client->socket, IPPROTO_TCP, TCP_NODELAY, &enable, sizeof(enable));
lwip_setsockopt(ssl_client->socket, SOL_SOCKET, SO_KEEPALIVE, &enable, sizeof(enable));
} else {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("Connect to Server failed!");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return -1;
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
fcntl( ssl_client->socket, F_SETFL, fcntl( ssl_client->socket, F_GETFL, 0 ) | O_NONBLOCK );
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Seeding the random number generator");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
mbedtls_entropy_init(&ssl_client->entropy_ctx);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
ret = mbedtls_ctr_drbg_seed(&ssl_client->drbg_ctx, mbedtls_entropy_func,
&ssl_client->entropy_ctx, (const unsigned char *) pers, strlen(pers));
if (ret < 0) {
return handle_error(ret);
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Setting up the SSL/TLS structure...");
if ((ret = mbedtls_ssl_config_defaults(&ssl_client->ssl_conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
return handle_error(ret);
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
/* MBEDTLS_SSL_VERIFY_REQUIRED if a CA certificate is defined on Arduino IDE and
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
MBEDTLS_SSL_VERIFY_NONE if not.
*/
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if (rootCABuff != NULL) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Loading CA cert");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
mbedtls_x509_crt_init(&ssl_client->ca_cert);
mbedtls_ssl_conf_authmode(&ssl_client->ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
ret = mbedtls_x509_crt_parse(&ssl_client->ca_cert, (const unsigned char *)rootCABuff, strlen(rootCABuff) + 1);
mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);
//mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL );
if (ret < 0) {
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
} else {
mbedtls_ssl_conf_authmode(&ssl_client->ssl_conf, MBEDTLS_SSL_VERIFY_NONE);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("WARNING: Use certificates for a more secure communication!");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if (cli_cert != NULL && cli_key != NULL) {
mbedtls_x509_crt_init(&ssl_client->client_cert);
mbedtls_pk_init(&ssl_client->client_key);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Loading CRT cert");
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
if (ret < 0) {
return handle_error(ret);
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Loading private key");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if (ret != 0) {
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
mbedtls_ssl_conf_own_cert(&ssl_client->ssl_conf, &ssl_client->client_cert, &ssl_client->client_key);
}
/*
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
// TODO: implement match CN verification
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Setting hostname for TLS session...");
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
// Hostname set here should match CN in server certificate
if((ret = mbedtls_ssl_set_hostname(&ssl_client->ssl_ctx, host)) != 0)
{
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
}
*/
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
mbedtls_ssl_conf_rng(&ssl_client->ssl_conf, mbedtls_ctr_drbg_random, &ssl_client->drbg_ctx);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if ((ret = mbedtls_ssl_setup(&ssl_client->ssl_ctx, &ssl_client->ssl_conf)) != 0) {
return handle_error(ret);
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Performing the SSL/TLS handshake...");
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != -76) { //workaround for bug: https://github.com/espressif/esp-idf/issues/434
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
delay(10);
vPortYield();
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if (cli_cert != NULL && cli_key != NULL) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Protocol is %s Ciphersuite is %s", mbedtls_ssl_get_version(&ssl_client->ssl_ctx), mbedtls_ssl_get_ciphersuite(&ssl_client->ssl_ctx));
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if ((ret = mbedtls_ssl_get_record_expansion(&ssl_client->ssl_ctx)) >= 0) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Record expansion is %d", ret);
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
} else {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Record expansion is unknown (compression)");
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Verifying peer X.509 certificate...");
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if ((flags = mbedtls_ssl_get_verify_result(&ssl_client->ssl_ctx)) != 0) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("Failed to verify peer certificate!");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
bzero(buf, sizeof(buf));
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_e("verification info: %s", buf);
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key); //It's not safe continue.
return handle_error(ret);
} else {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Certificate verified.");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Free heap after TLS %u", xPortGetFreeHeapSize());
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
return ssl_client->socket;
}
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key)
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
{
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
log_i("Cleaning SSL connection.");
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
if (ssl_client->socket >= 0) {
close(ssl_client->socket);
ssl_client->socket = -1;
}
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
mbedtls_ssl_free(&ssl_client->ssl_ctx);
mbedtls_ssl_config_free(&ssl_client->ssl_conf);
mbedtls_ctr_drbg_free(&ssl_client->drbg_ctx);
mbedtls_entropy_free(&ssl_client->entropy_ctx);
if (rootCABuff != NULL) {
mbedtls_x509_crt_free(&ssl_client->ca_cert);
}
if (cli_cert != NULL) {
mbedtls_x509_crt_free(&ssl_client->client_cert);
}
if (cli_key != NULL) {
mbedtls_pk_free(&ssl_client->client_key);
}
}
int data_to_read(sslclient_context *ssl_client)
{
int ret, res;
ret = mbedtls_ssl_read(&ssl_client->ssl_ctx, NULL, 0);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_e("RET: %i",ret); //for low level debug
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
res = mbedtls_ssl_get_bytes_avail(&ssl_client->ssl_ctx);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_e("RES: %i",res);
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret < 0 && ret != -76) {
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
return res;
}
int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len)
{
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_i("Writing HTTP request..."); //for low level debug
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
int ret = -1;
while ((ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data, len)) <= 0) {
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != -76) {
WiFiSecureClient fixes and improvements (#255) * Add CA certificate in example SHA1 fingerprint is broken now: more info: https://shattered.io * Best error handling When occur an error in WiFiClientSecure library just return the error message and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211 Translate MbedTLS error codes in messages for best understanding * Declarate certificates as const mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const. When we convert signed to unsigned it may result in a +1 larger output. Fix issue https://github.com/espressif/arduino-esp32/issues/223
2017-03-10 15:52:50 +01:00
return handle_error(ret);
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
}
}
len = ret;
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_i("%d bytes written", len); //for low level debug
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
return ret;
}
int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, int length)
{
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_i( "Reading HTTP response..."); //for low level debug
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
int ret = -1;
ret = mbedtls_ssl_read(&ssl_client->ssl_ctx, data, length);
Support self signed certificates (#291) * Support self signed certificates Fix for https://github.com/espressif/arduino-esp32/issues/265 mbedtls_ssl_conf_authmode was defined before mbedtls_ssl_config_defaults causing several bugs when no CA certificate is defined. * Implement Arduino's log facility Replace printf by ESP log handling * Remove \n from debug messages log_ doesn't need \n to break line.
2017-03-31 00:01:09 +02:00
//log_i( "%d bytes readed", ret); //for low level debug
Add WiFiClient secure lib (#184) * Provide SSL/TLS functions to ESP32 with Arduino IDE * Generate a new random number in case of reconnection
2017-02-10 23:20:24 +01:00
return ret;
}
Reference in New Issue Copy Permalink