From 46257c03b3673d7a34ba0084b7f1352cb177e5f7 Mon Sep 17 00:00:00 2001
From: A C SREEDHAR REDDY
Date: Tue, 27 Nov 2018 03:55:08 +0530
Subject: [PATCH] handshake in ssl_client.cpp (#2044)
* issue #2041
* handshake timeout
* seconds to milliseconds
---
 libraries/WiFiClientSecure/src/WiFiClientSecure.cpp | 8 +++++++-
 libraries/WiFiClientSecure/src/WiFiClientSecure.h | 1 +
 libraries/WiFiClientSecure/src/ssl_client.cpp | 6 ++++--
 libraries/WiFiClientSecure/src/ssl_client.h | 2 ++
 4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
index 40054f1c..1a857475 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -35,7 +35,7 @@ WiFiClientSecure::WiFiClientSecure()
 sslclient = new sslclient_context;
 ssl_init(sslclient);
 sslclient->socket = -1;
-
+ sslclient->handshake_timeout = 120000;
 _CA_cert = NULL;
 _cert = NULL;
 _private_key = NULL;
@@ -50,6 +50,7 @@ WiFiClientSecure::WiFiClientSecure(int sock)
 sslclient = new sslclient_context;
 ssl_init(sslclient);
 sslclient->socket = sock;
+ sslclient->handshake_timeout = 120000;
 if (sock >= 0) {
 _connected = true;
@@ -285,3 +286,8 @@ int WiFiClientSecure::lastError(char *buf, const size_t size)
 snprintf(buf, size, "%s", error_buf);
 return _lastError;
 }
+
+void WiFiClientSecure::setHandshakeTimeout(unsigned long handshake_timeout)
+{
+ sslclient->handshake_timeout = handshake_timeout * 1000;
+}
\ No newline at end of file
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.h b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
index 21d9152f..a9ba3761 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.h
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
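Review bot: The default `120000` is a bare literal written twice, in this constructor and in the `WiFiClientSecure(int sock)` hunk, with nothing to say it is milliseconds while `setHandshakeTimeout` takes seconds. A single named constant used in both places, for example `static const unsigned long DEFAULT_HANDSHAKE_TIMEOUT_MS = 120000;`, keeps the two defaults from drifting apart and records the unit. Both constructor bodies start and end outside their hunks.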
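Review bot: `handshake_timeout * 1000` in `setHandshakeTimeout` is unsigned arithmetic and wraps silently, so where `unsigned long` is 32 bits any argument above 4294967 seconds becomes a much shorter deadline than the caller asked for. Saturating instead of wrapping avoids that: `sslclient->handshake_timeout = (handshake_timeout > ULONG_MAX / 1000) ? ULONG_MAX : handshake_timeout * 1000;` (needs `<limits.h>`). An argument of 0 stores a zero deadline, which the handshake loop in ssl_client.cpp treats as expired as soon as a millisecond has elapsed; if 0 is meant to disable the timeout, that has to be handled explicitly. The file also now ends without a trailing newline.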
@@ -62,6 +62,7 @@ public:
 bool loadCertificate(Stream& stream, size_t size);
 bool loadPrivateKey(Stream& stream, size_t size);
 bool verify(const char* fingerprint, const char* domain_name);
+ void setHandshakeTimeout(unsigned long handshake_timeout);
 operator bool() {
diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 08be7d42..f8736bd5 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -158,12 +158,14 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );
 log_v("Performing the SSL/TLS handshake...");
-
+ unsigned long handshake_start_time=millis();
 while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {
 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
 return handle_error(ret);
 }
- vTaskDelay(10 / portTICK_PERIOD_MS);
+ if((millis()-handshake_start_time)>ssl_client->handshake_timeout)
+ return -1;
+ vTaskDelay(10 / portTICK_PERIOD_MS);
 }
diff --git a/libraries/WiFiClientSecure/src/ssl_client.h b/libraries/WiFiClientSecure/src/ssl_client.h
index 81e0b33a..6575313d 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.h
+++ b/libraries/WiFiClientSecure/src/ssl_client.h
@@ -23,6 +23,8 @@ typedef struct sslclient_context {
 mbedtls_x509_crt ca_cert;
 mbedtls_x509_crt client_cert;
 mbedtls_pk_context client_key;
+
+ unsigned long handshake_timeout;
 } sslclient_context;
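Review bot: The new declaration `setHandshakeTimeout(unsigned long handshake_timeout)` does not say what unit the argument is in. The implementation multiplies it by 1000 while the constructors store 120000 directly, so a caller reading only the header can easily pass milliseconds. I would add a comment above it such as `// Maximum time allowed for the TLS handshake, in seconds (default 120).` The class body starts and ends outside this hunk.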
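Review bot: The timeout branch in the handshake loop returns a bare `-1` without logging and without going through `handle_error`, which the other failure path in this loop uses, so a caller cannot tell a stalled handshake from any other failure. Returning a dedicated code, e.g. `return handle_error(MBEDTLS_ERR_SSL_TIMEOUT);`, would keep the error path uniform, assuming `handle_error` (defined outside the hunk) logs and returns its argument. The deadline is also only evaluated after `mbedtls_ssl_handshake` returns WANT_READ or WANT_WRITE; if the socket is blocking, which is not visible here, a silent peer can still hold the call past the timeout, so it is worth confirming the socket is non-blocking or has a receive timeout. The new `if` has no braces around its `return`, unlike the rest of the loop. `start_ssl_client` begins and ends outside the hunk.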
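Review bot: Nothing in this patch initializes `handshake_timeout` for a context that is not created by a `WiFiClientSecure` constructor, and `new sslclient_context` leaves the field indeterminate unless `ssl_init` (not shown) sets it. Since `start_ssl_client` reads it as the handshake deadline, setting the default inside `ssl_init` would give every context a defined value. The field should also carry its unit, e.g. `unsigned long handshake_timeout; // milliseconds`. The struct definition starts outside this hunk.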