
SNI support #592


Merged
merged 1 commit into from
Aug 24, 2017
Merged
19 changes: 6 additions & 13 deletions libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
Expand Up @@ -97,7 +97,12 @@ int WiFiClientSecure::connect(const char *host, uint16_t port)

int WiFiClientSecure::connect(IPAddress ip, uint16_t port, const char *_CA_cert, const char *_cert, const char *_private_key)
{
int ret = start_ssl_client(sslclient, ip, port, _CA_cert, _cert, _private_key);
return connect(ip.toString().c_str(), port, _CA_cert, _cert, _private_key);
}

int WiFiClientSecure::connect(const char *host, uint16_t port, const char *_CA_cert, const char *_cert, const char *_private_key)
{
int ret = start_ssl_client(sslclient, host, port, _CA_cert, _cert, _private_key);
if (ret < 0) {
log_e("lwip_connect_r: %d", errno);
stop();
Expand All @@ -107,18 +112,6 @@ int WiFiClientSecure::connect(IPAddress ip, uint16_t port, const char *_CA_cert,
return 1;
}

int WiFiClientSecure::connect(const char *host, uint16_t port, const char *_CA_cert, const char *_cert, const char *_private_key)
{
struct hostent *server;
server = gethostbyname(host);
if (server == NULL) {
return 0;
}
IPAddress srv((const uint8_t *)(server->h_addr));
return connect(srv, port, _CA_cert, _cert, _private_key);
}


size_t WiFiClientSecure::write(uint8_t data)
{
return write(&data, 1);
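Review bot: The `if (ret < 0)` check after the new `int ret = start_ssl_client(sslclient, host, port, ...)` line no longer catches a name-resolution failure: the gethostbyname() lookup this section removes from WiFiClientSecure.cpp now runs inside start_ssl_client in the ssl_client.cpp section, where `if (server == NULL) { return 0; }` returns 0 rather than a negative value, so connect() skips stop() and, as far as this hunk shows, falls through to `return 1;` for an unresolvable host. Before this change the lookup ran before any socket existed; now the socket opened earlier in start_ssl_client is also left open on that path. The smallest fix is on the ssl_client.cpp side, `if (server == NULL) { return -1; }`, so the caller's existing stop() path runs — presumably stop() releases the socket, which is not visible here. The body of connect(const char *host, ...) continues past the end of the first hunk.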
35 changes: 18 additions & 17 deletions libraries/WiFiClientSecure/src/ssl_client.cpp
Expand Up @@ -37,7 +37,7 @@ void ssl_init(sslclient_context *ssl_client)
}


int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key)
int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key)
{
char buf[512];
int ret, flags, len, timeout;
Expand All @@ -53,10 +53,17 @@ int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t
return ssl_client->socket;
}

struct hostent *server;
server = gethostbyname(host);
if (server == NULL) {
return 0;
}
IPAddress srv((const uint8_t *)(server->h_addr));

struct sockaddr_in serv_addr;
memset(&serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = ipAddress;
serv_addr.sin_addr.s_addr = srv;
serv_addr.sin_port = htons(port);

if (lwip_connect(ssl_client->socket, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) == 0) {
Expand Down Expand Up @@ -90,9 +97,9 @@ int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t
return handle_error(ret);
}

/* MBEDTLS_SSL_VERIFY_REQUIRED if a CA certificate is defined on Arduino IDE and
MBEDTLS_SSL_VERIFY_NONE if not.
*/
// MBEDTLS_SSL_VERIFY_REQUIRED if a CA certificate is defined on Arduino IDE and
// MBEDTLS_SSL_VERIFY_NONE if not.

if (rootCABuff != NULL) {
log_i("Loading CA cert");
mbedtls_x509_crt_init(&ssl_client->ca_cert);
Expand Down Expand Up @@ -129,18 +136,12 @@ int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t
mbedtls_ssl_conf_own_cert(&ssl_client->ssl_conf, &ssl_client->client_cert, &ssl_client->client_key);
}

/*
// TODO: implement match CN verification
log_i("Setting hostname for TLS session...");

log_i("Setting hostname for TLS session...");

// Hostname set here should match CN in server certificate
if((ret = mbedtls_ssl_set_hostname(&ssl_client->ssl_ctx, host)) != 0)
{
return handle_error(ret);

}
*/
// Hostname set here should match CN in server certificate
if((ret = mbedtls_ssl_set_hostname(&ssl_client->ssl_ctx, host)) != 0){
return handle_error(ret);
}

mbedtls_ssl_conf_rng(&ssl_client->ssl_conf, mbedtls_ctr_drbg_random, &ssl_client->drbg_ctx);

Expand Down Expand Up @@ -221,7 +222,7 @@ int data_to_read(sslclient_context *ssl_client)
ret = mbedtls_ssl_read(&ssl_client->ssl_ctx, NULL, 0);
//log_e("RET: %i",ret); //for low level debug
res = mbedtls_ssl_get_bytes_avail(&ssl_client->ssl_ctx);
//log_e("RES: %i",res);
//log_e("RES: %i",res); //for low level debug
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret < 0) {
return handle_error(ret);
}
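Review bot: The comment `// Hostname set here should match CN in server certificate` above the new mbedtls_ssl_set_hostname() call overstates what is enforced: the comment earlier in this section says the auth mode is MBEDTLS_SSL_VERIFY_REQUIRED only when rootCABuff is non-NULL and MBEDTLS_SSL_VERIFY_NONE otherwise, so without a CA the name is sent as SNI but no certificate name mismatch can fail the handshake. I would reword it to `// Sent as SNI; only compared against the certificate's CN/SAN when a CA cert was loaded above (VERIFY_REQUIRED).` The IPAddress overload in WiFiClientSecure.cpp now reaches this call with `ip.toString().c_str()`, so an IP literal becomes the SNI name, which RFC 6066 does not permit in the extension; that is worth either stating in the comment or skipping set_hostname for literal addresses. Separately, `serv_addr.sin_addr.s_addr = srv;` relies on IPAddress's implicit conversion to an integer; an explicit `(uint32_t)srv` would make the intent visible. start_ssl_client continues beyond this hunk.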
2 changes: 1 addition & 1 deletion libraries/WiFiClientSecure/src/ssl_client.h
Expand Up @@ -27,7 +27,7 @@ typedef struct sslclient_context {


void ssl_init(sslclient_context *ssl_client);
int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, const char *rootCABuff, const char *cli_cert, const char *cli_key);
void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key);
int data_to_read(sslclient_context *ssl_client);
int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len);
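Review bot: The changed start_ssl_client prototype carries no documentation, and the meaning of the new `host` parameter is broader than its name suggests: per the ssl_client.cpp section it is both resolved with gethostbyname() and handed to mbedtls_ssl_set_hostname() for SNI and certificate name matching, which a caller passing an IP string should know. A one-line comment on the declaration would cover it, e.g. `// host: DNS name (or dotted IP string) used for resolution and as the TLS SNI / expected certificate name.`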