Set TLS cert options before calling connect on client, so verify works (#3774)
When connecting using transportTraits, the CA and client certificates are ignored after the initial _client->connect() is called. This is because on connect, WiFiClientSecure will call start_ssl_client with _CA_Cert and other cert options set to null unless setCACert, setCertificate etc. are called before connect. Running _transportTraits->verify after connect therefore does exactly nothing. It's easy to verify that this is the case by passing a CACert to HTTPClient with verbose logging enabled - the logs will say "WARNING: Use certificates for a more secure communication!" which is only present when both PSK and CA are null. This change fixes the issue.
This commit is contained in:
parent
5871ca9ce9
commit
7a92f89d12
@ -1012,7 +1012,13 @@ bool HTTPClient::connect(void)
|
||||
log_d("HTTPClient::begin was not called or returned error");
|
||||
return false;
|
||||
}
|
||||
|
||||
#ifdef HTTPCLIENT_1_1_COMPATIBLE
|
||||
if (_tcpDeprecated && !_transportTraits->verify(*_client, _host.c_str())) {
|
||||
log_d("transport level verify failed");
|
||||
_client->stop();
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
if(!_client->connect(_host.c_str(), _port, _connectTimeout)) {
|
||||
log_d("failed connect to %s:%u", _host.c_str(), _port);
|
||||
return false;
|
||||
@ -1023,14 +1029,6 @@ bool HTTPClient::connect(void)
|
||||
|
||||
log_d(" connected to %s:%u", _host.c_str(), _port);
|
||||
|
||||
#ifdef HTTPCLIENT_1_1_COMPATIBLE
|
||||
if (_tcpDeprecated && !_transportTraits->verify(*_client, _host.c_str())) {
|
||||
log_d("transport level verify failed");
|
||||
_client->stop();
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
#ifdef ESP8266
|
||||
|
Loading…
Reference in New Issue
Block a user