Commit f64f904

authored

Merge pull request #436 from pennam/ssl-fixes

C33 SSL client fix stop() and connect( .. ) with psk

2 parents 4c73daf + deca0ab commit f64f904Copy full SHA for f64f904

File tree

5 files changed

+40

-41

lines changed

libraries/SSLClient/src

5 files changed

+40

-41

lines changed

`‎libraries/SSLClient/src/SSLClient.cpp`

Lines changed: 5 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -97,12 +97,9 @@ void SSLClient::setClient(Client& client)`
`97`	`97`
`98`	`98`	`void SSLClient::stop()`
`99`	`99`	`{`
`100`		`- if (sslclient->client >= 0) {`
`101`		`- //sslclient->client->stop();`
`102`		`- _connected = false;`
`103`		`- _peek = -1;`
`104`		`- }`
`105`		`- stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key);`
	`100`	`+ stop_ssl_socket(sslclient);`
	`101`	`+ _connected = false;`
	`102`	`+ _peek = -1;`
`106`	`103`	`}`
`107`	`104`
`108`	`105`	`int SSLClient::connect(IPAddress ip, uint16_t port)`
`@@ -150,12 +147,12 @@ int SSLClient::connect(const char host, uint16_t port, const char _CA_cert, co`
`150`	`147`	`}`
`151`	`148`
`152`	`149`	`int SSLClient::connect(IPAddress ip, uint16_t port, const char pskIdent, const char psKey) {`
`153`		`- return connect(ip.toString().c_str(), port,_pskIdent, _psKey);`
	`150`	`+ return connect(ip.toString().c_str(), port, pskIdent, psKey);`
`154`	`151`	`}`
`155`	`152`
`156`	`153`	`int SSLClient::connect(const char host, uint16_t port, const char pskIdent, const char *psKey) {`
`157`	`154`	`log_v("start_ssl_client with PSK");`
`158`		`- int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, _pskIdent, _psKey, _use_insecure);`
	`155`	`+ int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, pskIdent, psKey, _use_insecure);`
`159`	`156`	`_lastError = ret;`
`160`	`157`	`if (ret < 0) {`
`161`	`158`	`log_e("start_ssl_client: %d", ret);`

`‎libraries/SSLClient/src/ssl_client.cpp`

Lines changed: 24 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ static int _handle_error(int err, const char * file, int line)`
`38`	`38`
`39`	`39`	`#define handle_error(e) _handle_error(e, __FUNCTION__, __LINE__)`
`40`	`40`
	`41`	`+#if defined(SSL_CLIENT_RECV_DISABLE_TIMEOUT)`
`41`	`42`	`/**`
`42`	`43`	`* \brief Read at most 'len' characters. If no error occurs,`
`43`	`44`	`* the actual amount read is returned.`
`@@ -52,11 +53,11 @@ static int _handle_error(int err, const char * file, int line)`
`52`	`53`	`*/`
`53`	`54`	`static int client_net_recv( void ctx, unsigned char buf, size_t len ) {`
`54`	`55`	`Client client = (Client)ctx;`
`55`		`- if (!client) {`
	`56`	`+ if (!client) {`
`56`	`57`	`log_e("Uninitialised!");`
`57`	`58`	`return -1;`
`58`	`59`	`}`
`59`		`-`
	`60`	`+`
`60`	`61`	`//if (!client->connected()) {`
`61`	`62`	`// log_e("Not connected!");`
`62`	`63`	`// return -2;`
`@@ -68,31 +69,31 @@ static int client_net_recv( void ctx, unsigned char buf, size_t len ) {`
`68`	`69`	`if (result > 0) {`
`69`	`70`	`//esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);`
`70`	`71`	`}`
`71`		`-`
	`72`	`+`
`72`	`73`	`return result;`
`73`	`74`	`}`
`74`		`-`
`75`		`-int client_net_recv_timeout( void ctx, unsigned char buf,`
	`75`	`+#else`
	`76`	`+staticint client_net_recv_timeout( void ctx, unsigned char buf,`
`76`	`77`	`size_t len, uint32_t timeout ) {`
`77`	`78`	`Client client = (Client)ctx;`
`78`		`- if (!client) {`
	`79`	`+ if (!client) {`
`79`	`80`	`log_e("Uninitialised!");`
`80`	`81`	`return -1;`
`81`	`82`	`}`
`82`	`83`	`unsigned long start = millis();`
`83`	`84`	`unsigned long tms = start + timeout;`
`84`		`- int pending = client->available();`
	`85`	`+ uint16_t pending = client->available();`
`85`	`86`	`// If there is data in the client, wait for message completion`
`86`	`87`	`if((pending > 0) && (pending < len))`
`87`	`88`	`do {`
`88`		`- int pending = client->available();`
	`89`	`+ uint16_t pending = client->available();`
`89`	`90`	`if (pending < len && timeout > 0) {`
`90`	`91`	`delay(1);`
`91`	`92`	`} else break;`
`92`	`93`	`} while (millis() < tms);`
`93`		`-`
	`94`	`+`
`94`	`95`	`int result = client->read(buf, len);`
`95`		`-`
	`96`	`+`
`96`	`97`	`// lwIP interface return -1 if there is no data to read`
`97`	`98`	`// report without throwing errors or block`
`98`	`99`	`if (result <= 0) return MBEDTLS_ERR_SSL_WANT_READ;`
`@@ -102,10 +103,10 @@ int client_net_recv_timeout( void ctx, unsigned char buf,`
`102`	`103`	`if (result > 0) {`
`103`	`104`	`//esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);`
`104`	`105`	`}`
`105`		`-`
	`106`	`+`
`106`	`107`	`return result;`
`107`	`108`	`}`
`108`		`-`
	`109`	`+#endif`
`109`	`110`
`110`	`111`	`/**`
`111`	`112`	`* \brief Write at most 'len' characters. If no error occurs,`
`@@ -121,20 +122,20 @@ int client_net_recv_timeout( void ctx, unsigned char buf,`
`121`	`122`	`*/`
`122`	`123`	`static int client_net_send( void ctx, const unsigned char buf, size_t len ) {`
`123`	`124`	`Client client = (Client)ctx;`
`124`		`- if (!client) {`
	`125`	`+ if (!client) {`
`125`	`126`	`log_e("Uninitialised!");`
`126`	`127`	`return -1;`
`127`	`128`	`}`
`128`		`-`
	`129`	`+`
`129`	`130`	`//if (!client->connected()) {`
`130`	`131`	`// log_e("Not connected!");`
`131`	`132`	`// return -2;`
`132`	`133`	`//}`
`133`		`-`
	`134`	`+`
`134`	`135`	`//esp_log_buffer_hexdump_internal("SSL.WR", buf, (uint16_t)len, ESP_LOG_VERBOSE);`
`135`		`-`
	`136`	`+`
`136`	`137`	`int result = client->write(buf, len);`
`137`		`-`
	`138`	`+`
`138`	`139`	`log_d("SSL client TX res=%d len=%d", result, len);`
`139`	`140`	`return result;`
`140`	`141`	`}`
`@@ -152,7 +153,7 @@ void ssl_init(sslclient_context ssl_client, Client client, const char * ca_pat`
`152`	`153`	`mbedtls_ssl_conf_ciphersuites(&ssl_client->ssl_conf, mbedtls_ssl_list_ciphersuites());`
`153`	`154`
`154`	`155`	`mbedtls_ssl_conf_dbg(&ssl_client->ssl_conf, mbedtls_debug_print, NULL);`
`155`		`- mbedtls_debug_set_threshold(DEBUG_LEVEL);`
	`156`	`+ mbedtls_debug_set_threshold(SSL_DEBUG_LEVEL);`
`156`	`157`
`157`	`158`	`mbedtls_fs_init(ca_path);`
`158`	`159`	`}`
`@@ -225,7 +226,7 @@ int start_ssl_client(sslclient_context ssl_client, const char host, uint32_t p`
`225`	`226`	`}`
`226`	`227`	`unsigned char psk[MBEDTLS_PSK_MAX_LEN];`
`227`	`228`	`size_t psk_len = strlen(psKey)/2;`
`228`		`- for (int j=0; j<strlen(psKey); j+= 2) {`
	`229`	`+ for (size_t j=0; j<strlen(psKey); j+= 2) {`
`229`	`230`	`char c = psKey[j];`
`230`	`231`	`if (c >= '0' && c <= '9') c -= '0';`
`231`	`232`	`else if (c >= 'A' && c <= 'F') c -= 'A' - 10;`
`@@ -336,13 +337,13 @@ int start_ssl_client(sslclient_context ssl_client, const char host, uint32_t p`
`336`	`337`	`memset(buf, 0, sizeof(buf));`
`337`	`338`	`mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);`
`338`	`339`	`log_e("Failed to verify peer certificate! verification info: %s", buf);`
`339`		`- stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key); //It's not safe continue.`
	`340`	`+ stop_ssl_socket(ssl_client); //It's not safe continue.`
`340`	`341`
`341`	`342`	`return handle_error(ret);`
`342`	`343`	`} else {`
`343`	`344`	`log_v("Certificate verified.");`
`344`	`345`	`}`
`345`		`-`
	`346`	`+`
`346`	`347`	`if ((rootCABuff != NULL) \|\| ((rootCAPath != NULL))) {`
`347`	`348`	`log_d("free buffer");`
`348`	`349`	`mbedtls_x509_crt_free(&ssl_client->ca_cert);`
`@@ -354,14 +355,14 @@ int start_ssl_client(sslclient_context ssl_client, const char host, uint32_t p`
`354`	`355`
`355`	`356`	`if (cli_key != NULL) {`
`356`	`357`	`mbedtls_pk_free(&ssl_client->client_key);`
`357`		`- }`
	`358`	`+ }`
`358`	`359`
`359`	`360`	`//return ssl_client->socket;`
`360`	`361`	`return 1;`
`361`	`362`	`}`
`362`	`363`
`363`	`364`
`364`		`-void stop_ssl_socket(sslclient_context ssl_client, constchar rootCABuff, constchar cli_cert, constchar cli_key)`
	`365`	`+void stop_ssl_socket(sslclient_context *ssl_client)`
`365`	`366`	`{`
`366`	`367`	`log_v("Cleaning SSL connection.");`
`367`	`368`

`‎libraries/SSLClient/src/ssl_client.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ typedef struct sslclient_context {`
`43`	`43`
`44`	`44`	`void ssl_init(sslclient_context ssl_client, Client client, const char *ca_path);`
`45`	`45`	`int start_ssl_client(sslclient_context ssl_client, const char host, uint32_t port, int timeout, const char rootCABuff, const char rootCAPath, const char cli_cert, const char cli_key, const char pskIdent, const char psKey, bool insecure);`
`46`		`-void stop_ssl_socket(sslclient_context ssl_client, constcharrootCABuff, constcharcli_cert, constcharcli_key);`
	`46`	`+void stop_ssl_socket(sslclient_context *ssl_client);`
`47`	`47`	`int data_to_read(sslclient_context *ssl_client);`
`48`	`48`	`int send_ssl_data(sslclient_context ssl_client, const uint8_t data, uint16_t len);`
`49`	`49`	`int get_ssl_receive(sslclient_context ssl_client, uint8_t data, int length);`

`‎libraries/SSLClient/src/ssl_debug.cpp`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`#include "ssl_debug.h"`
`21`	`21`
`22`	`22`	`void ssl_debug_print(const char *format, ...) {`
`23`		`- char debug_buf[1024];`
	`23`	`+ char debug_buf[1024];`
`24`	`24`	`va_list argptr;`
`25`	`25`	`va_start(argptr, format);`
`26`	`26`	`vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);`
`@@ -29,7 +29,7 @@ void ssl_debug_print(const char *format, ...) {`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`void ssl_debug_println(const char *format, ...) {`
`32`		`- char debug_buf[1024];`
	`32`	`+ char debug_buf[1024];`
`33`	`33`	`va_list argptr;`
`34`	`34`	`va_start(argptr, format);`
`35`	`35`	`vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);`
`@@ -43,6 +43,7 @@ void ssl_debug_none(const char *format, ...) {`
`43`	`43`
`44`	`44`	`void mbedtls_debug_print(void ctx, int level, const char file, int line, const char *str)`
`45`	`45`	`{`
	`46`	`+ ((void) ctx);`
`46`	`47`	`((void) level);`
`47`	`48`	`ssl_debug_print("%s:%04d: %s", file, line, str);`
`48`	`49`	`}`

`‎libraries/SSLClient/src/ssl_debug.h`

Lines changed: 7 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,33 +29,33 @@`
`29`	`29`	`* 4: DEBUG`
`30`	`30`	`* 5: VERBOSE`
`31`	`31`	`*/`
`32`		`-#define DEBUG_LEVEL 1`
	`32`	`+#define SSL_DEBUG_LEVEL 1`
`33`	`33`
`34`		`-#if DEBUG_LEVEL > 0`
	`34`	`+#if SSL_DEBUG_LEVEL > 0`
`35`	`35`	`#define log_e ssl_debug_println`
`36`	`36`	`#else`
`37`	`37`	`#define log_e ssl_debug_none`
`38`	`38`	`#endif`
`39`	`39`
`40`		`-#if DEBUG_LEVEL > 1`
	`40`	`+#if SSL_DEBUG_LEVEL > 1`
`41`	`41`	`#define log_w ssl_debug_println`
`42`	`42`	`#else`
`43`	`43`	`#define log_w ssl_debug_none`
`44`	`44`	`#endif`
`45`	`45`
`46`		`-#if DEBUG_LEVEL > 2`
	`46`	`+#if SSL_DEBUG_LEVEL > 2`
`47`	`47`	`#define log_i ssl_debug_println`
`48`	`48`	`#else`
`49`	`49`	`#define log_i ssl_debug_none`
`50`	`50`	`#endif`
`51`	`51`
`52`		`-#if DEBUG_LEVEL > 3`
	`52`	`+#if SSL_DEBUG_LEVEL > 3`
`53`	`53`	`#define log_d ssl_debug_println`
`54`	`54`	`#else`
`55`	`55`	`#define log_d ssl_debug_none`
`56`	`56`	`#endif`
`57`		`-`
`58`		`-#if DEBUG_LEVEL > 4`
	`57`	`+`
	`58`	`+#if SSL_DEBUG_LEVEL > 4`
`59`	`59`	`#define log_v ssl_debug_println`
`60`	`60`	`#else`
`61`	`61`	`#define log_v ssl_debug_none`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit f64f904

File tree

5 files changed

5 files changed

`‎libraries/SSLClient/src/SSLClient.cpp`

`‎libraries/SSLClient/src/ssl_client.cpp`

`‎libraries/SSLClient/src/ssl_client.h`

`‎libraries/SSLClient/src/ssl_debug.cpp`

`‎libraries/SSLClient/src/ssl_debug.h`

0 commit comments