
Commit ef99cd7

Add WiFiClientSecure::setInsecure() to equalize API with ESP8266 (espressif#4648)
1 parent b05bdf6 commit ef99cd7

6 files changed

+106
-22
lines changed

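--- a/libraries/HTTPClient/src/HTTPClient.cpp
+++ b/libraries/HTTPClient/src/HTTPClient.cpp
@@ -73,11 +73,15 @@ class TLSTraits : public TransportTraits
 
 bool verify(WiFiClient& client, const char* host) override
 {
-WiFiClientSecure& wcs = static_cast<WiFiClientSecure&>(client);
-wcs.setCACert(_cacert);
-wcs.setCertificate(_clicert);
-wcs.setPrivateKey(_clikey);
-return true;
+WiFiClientSecure& wcs = static_cast<WiFiClientSecure&>(client);
+if (_cacert == nullptr) {
+wcs.setInsecure();
+} else {
+wcs.setCACert(_cacert);
+wcs.setCertificate(_clicert);
+wcs.setPrivateKey(_clikey);
+}
+return true;
 }
 
 protected: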
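Review bot: `verify()` now disables certificate validation whenever `_cacert` is null, which turns every https HTTPClient request made without a CA into an unauthenticated TLS session with no trace at the call site, and it still ignores `host`. At minimum log the downgrade, `if (_cacert == nullptr) { log_i("No CA cert set, skipping TLS verification"); wcs.setInsecure(); }`, and state on the class that a missing CA means no server authentication. Note also that when `_cacert` is null the client certificate and key are no longer passed to the client even if they were set; if that is intended it deserves a comment. The enclosing class TLSTraits starts outside the hunk.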
@@ -0,0 +1,61 @@
1+
#include <WiFiClientSecure.h>
2+
3+
const char* ssid = "your-ssid"; // your network SSID (name of wifi network)
4+
const char* password = "your-password"; // your network password
5+
6+
const char* server = "www.howsmyssl.com"; // Server URL
7+
8+
WiFiClientSecure client;
9+
10+
void setup() {
11+
//Initialize serial and wait for port to open:
12+
Serial.begin(115200);
13+
delay(100);
14+
15+
Serial.print("Attempting to connect to SSID: ");
16+
Serial.println(ssid);
17+
WiFi.begin(ssid, password);
18+
19+
// attempt to connect to Wifi network:
20+
while (WiFi.status() != WL_CONNECTED) {
21+
Serial.print(".");
22+
// wait 1 second for re-trying
23+
delay(1000);
24+
}
25+
26+
Serial.print("Connected to ");
27+
Serial.println(ssid);
28+
29+
Serial.println("\nStarting connection to server...");
30+
client.setInsecure();//skip verification
31+
if (!client.connect(server, 443))
32+
Serial.println("Connection failed!");
33+
else {
34+
Serial.println("Connected to server!");
35+
// Make a HTTP request:
36+
client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
37+
client.println("Host: www.howsmyssl.com");
38+
client.println("Connection: close");
39+
client.println();
40+
41+
while (client.connected()) {
42+
String line = client.readStringUntil('\n');
43+
if (line == "\r") {
44+
Serial.println("headers received");
45+
break;
46+
}
47+
}
48+
// if there are incoming bytes available
49+
// from the server, read them and print them:
50+
while (client.available()) {
51+
char c = client.read();
52+
Serial.write(c);
53+
}
54+
55+
client.stop();
56+
}
57+
}
58+
59+
void loop() {
60+
// do nothing
61+
}
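Review bot: The comment on `client.setInsecure();//skip verification` understates what the call does: the server certificate is not checked, so the connection is encrypted but the peer is not authenticated, and since examples get copied into real projects this belongs next to the call, e.g. `// setInsecure(): the server certificate is NOT validated; the link is encrypted but the peer is unauthenticated. Use setCACert() with the server's root CA for anything beyond a demo.` A smaller point: `char c = client.read();` narrows the int that the Arduino Client read() API returns, so a -1 "no data" result becomes indistinguishable from byte 0xFF; `int c = client.read();` keeps the distinction, although the preceding `available()` check makes it harmless here.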

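--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -36,6 +36,7 @@ WiFiClientSecure::WiFiClientSecure()
 ssl_init(sslclient);
 sslclient->socket = -1;
 sslclient->handshake_timeout = 120000;
+_use_insecure = false;
 _CA_cert = NULL;
 _cert = NULL;
 _private_key = NULL;
@@ -116,17 +117,17 @@ int WiFiClientSecure::connect(const char *host, uint16_t port, int32_t timeout){
 return connect(host, port);
 }
 
-int WiFiClientSecure::connect(IPAddress ip, uint16_t port, const char *_CA_cert, const char *_cert, const char *_private_key)
+int WiFiClientSecure::connect(IPAddress ip, uint16_t port, const char *CA_cert, const char *cert, const char *private_key)
 {
-return connect(ip.toString().c_str(), port, _CA_cert, _cert, _private_key);
+return connect(ip.toString().c_str(), port, CA_cert, cert, private_key);
 }
 
-int WiFiClientSecure::connect(const char *host, uint16_t port, const char *_CA_cert, const char *_cert, const char *_private_key)
+int WiFiClientSecure::connect(const char *host, uint16_t port, const char *CA_cert, const char *cert, const char *private_key)
 {
 if(_timeout > 0){
 sslclient->handshake_timeout = _timeout;
 }
-int ret = start_ssl_client(sslclient, host, port, _timeout, _CA_cert, _cert, _private_key, NULL, NULL);
+int ret = start_ssl_client(sslclient, host, port, _timeout, CA_cert, cert, private_key, NULL, NULL, _use_insecure);
 _lastError = ret;
 if (ret < 0) {
 log_e("start_ssl_client: %d", ret);
@@ -138,15 +139,15 @@ int WiFiClientSecure::connect(const char *host, uint16_t port, const char *_CA_c
 }
 
 int WiFiClientSecure::connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey) {
-return connect(ip.toString().c_str(), port,_pskIdent, _psKey);
+return connect(ip.toString().c_str(), port, pskIdent, psKey);
 }
 
 int WiFiClientSecure::connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey) {
 log_v("start_ssl_client with PSK");
 if(_timeout > 0){
 sslclient->handshake_timeout = _timeout;
 }
-int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, _pskIdent, _psKey);
+int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, pskIdent, psKey, _use_insecure);
 _lastError = ret;
 if (ret < 0) {
 log_e("start_ssl_client: %d", ret);
@@ -245,6 +246,16 @@ uint8_t WiFiClientSecure::connected()
 return _connected;
 }
 
+void WiFiClientSecure::setInsecure()
+{
+_CA_cert = NULL;
+_cert = NULL;
+_private_key = NULL;
+_pskIdent = NULL;
+_psKey = NULL;
+_use_insecure = true;
+}
+
 void WiFiClientSecure::setCACert (const char *rootCA)
 {
 _CA_cert = rootCA;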
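Review bot: `setInsecure()` in the last hunk is a one-way switch: nothing visible here ever sets `_use_insecure` back to false, and start_ssl_client in ssl_client.cpp tests `insecure` before `rootCABuff`, so a `setCACert()` call that follows an earlier `setInsecure()` on the same client still yields an unverified connection. Have the credential setters reset the flag, e.g. `_use_insecure = false;` as the first line of `setCACert` before `_CA_cert = rootCA;`, and the same in `setPreSharedKey`. The body of `setCACert` continues outside the hunk, and any other constructor of the class is outside view too; it would need the same `_use_insecure = false;` assignment the first hunk adds to the default constructor.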

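--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.h
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
@@ -33,6 +33,7 @@ class WiFiClientSecure : public WiFiClient
 int _lastError = 0;
 int _peek = -1;
 int _timeout = 0;
+bool _use_insecure;
 const char *_CA_cert;
 const char *_cert;
 const char *_private_key;
@@ -62,6 +63,7 @@ class WiFiClientSecure : public WiFiClient
 void stop();
 uint8_t connected();
 int lastError(char *buf, const size_t size);
+void setInsecure(); // Don't validate the chain, just accept whatever is given. VERY INSECURE!
 void setPreSharedKey(const char *pskIdent, const char *psKey); // psKey in Hex
 void setCACert(const char *rootCA);
 void setCertificate(const char *client_ca);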
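Review bot: `bool _use_insecure;` in the first hunk has no in-class initializer while its neighbours `_lastError`, `_peek` and `_timeout` do, so any constructor that does not assign it (only the default constructor's assignment is visible in WiFiClientSecure.cpp) leaves it indeterminate, and an indeterminate true means certificate verification is silently skipped. Declare it as `bool _use_insecure = false;` so the verifying behaviour is the default regardless of which constructor runs. The comment on `setInsecure()` in the second hunk could also say that the call discards any CA, client certificate and PSK material set earlier, which is what the implementation does.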

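--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -51,13 +51,17 @@ void ssl_init(sslclient_context *ssl_client)
 }
 
 
-int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey)
+int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure)
 {
 char buf[512];
 int ret, flags;
 int enable = 1;
 log_v("Free internal heap before TLS %u", ESP.getFreeHeap());
 
+if (rootCABuff == NULL && pskIdent == NULL && psKey == NULL && !insecure) {
+return -1;
+}
+
 log_v("Starting socket");
 ssl_client->socket = -1;
 
@@ -118,16 +122,19 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 // MBEDTLS_SSL_VERIFY_REQUIRED if a CA certificate is defined on Arduino IDE and
 // MBEDTLS_SSL_VERIFY_NONE if not.
 
-if (rootCABuff != NULL) {
+if (insecure) {
+mbedtls_ssl_conf_authmode(&ssl_client->ssl_conf, MBEDTLS_SSL_VERIFY_NONE);
+log_i("WARNING: Skipping SSL Verification. INSECURE!");
+} else if (rootCABuff != NULL) {
 log_v("Loading CA cert");
 mbedtls_x509_crt_init(&ssl_client->ca_cert);
 mbedtls_ssl_conf_authmode(&ssl_client->ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
 ret = mbedtls_x509_crt_parse(&ssl_client->ca_cert, (const unsigned char *)rootCABuff, strlen(rootCABuff) + 1);
 mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);
 //mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL );
 if (ret < 0) {
-// free the ca_cert in the case parse failed, otherwise, the old ca_cert still in the heap memory, that lead to "out of memory" crash.
-mbedtls_x509_crt_free(&ssl_client->ca_cert);
+// free the ca_cert in the case parse failed, otherwise, the old ca_cert still in the heap memory, that lead to "out of memory" crash.
+mbedtls_x509_crt_free(&ssl_client->ca_cert);
 return handle_error(ret);
 }
 } else if (pskIdent != NULL && psKey != NULL) {
@@ -161,20 +168,19 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 return handle_error(ret);
 }
 } else {
-mbedtls_ssl_conf_authmode(&ssl_client->ssl_conf, MBEDTLS_SSL_VERIFY_NONE);
-log_i("WARNING: Use certificates for a more secure communication!");
+return -1;
 }
 
-if (cli_cert != NULL && cli_key != NULL) {
+if (!insecure && cli_cert != NULL && cli_key != NULL) {
 mbedtls_x509_crt_init(&ssl_client->client_cert);
 mbedtls_pk_init(&ssl_client->client_key);
 
 log_v("Loading CRT cert");
 
 ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
 if (ret < 0) {
-// free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash.
-mbedtls_x509_crt_free(&ssl_client->client_cert);
+// free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash.
+mbedtls_x509_crt_free(&ssl_client->client_cert);
 return handle_error(ret);
 }
 
@@ -211,7 +217,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 }
 if((millis()-handshake_start_time)>ssl_client->handshake_timeout)
 return -1;
-vTaskDelay(10 / portTICK_PERIOD_MS);
+vTaskDelay(2);//2 ticks
 }
 
 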
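Review bot: The new `return -1` exits in the first and third hunks of start_ssl_client give the caller no indication of why TLS was refused, and the handshake timeout in the last hunk also returns -1, so a missing CA and a timeout land in `_lastError` as the same value. Add a message before each, e.g. `log_e("No CA cert, PSK or insecure flag given; refusing to start TLS");` in the first hunk, and a similar one in the third hunk, whose `else` branch is reached, as far as the visible hunks show, only when exactly one of `pskIdent`/`psKey` is NULL. Separately, `if (insecure)` in the second hunk is tested before `rootCABuff != NULL`, so a caller that supplies both a CA and `insecure=true` gets `MBEDTLS_SSL_VERIFY_NONE`, and the `!insecure &&` guard in the third hunk drops a supplied client certificate without any log; both deserve at least a warning line. The body of start_ssl_client continues outside the hunks.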
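--- a/libraries/WiFiClientSecure/src/ssl_client.h
+++ b/libraries/WiFiClientSecure/src/ssl_client.h
@@ -29,7 +29,7 @@ typedef struct sslclient_context {
 
 
 void ssl_init(sslclient_context *ssl_client);
-int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey);
+int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure);
 void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key);
 int data_to_read(sslclient_context *ssl_client);
 int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len);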
