Merge branch 'fix/refactor_esp_tls_server' into 'master'
fix(esp_tls): Refactor esp-tls to remove ESP_TLS_SERVER config option Closes IDFGH-10812 See merge request espressif/esp-idf!25773 (pull/12525/head)
commit
47678fc17b
|
@ -38,16 +38,9 @@ menu "ESP-TLS"
|
||||||
help
|
help
|
||||||
Enable session ticket support as specified in RFC5077.
|
Enable session ticket support as specified in RFC5077.
|
||||||
|
|
||||||
config ESP_TLS_SERVER
|
|
||||||
bool "Enable ESP-TLS Server"
|
|
||||||
depends on (ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER) || ESP_TLS_USING_WOLFSSL
|
|
||||||
help
|
|
||||||
Enable support for creating server side SSL/TLS session, available for mbedTLS
|
|
||||||
as well as wolfSSL TLS library.
|
|
||||||
|
|
||||||
config ESP_TLS_SERVER_SESSION_TICKETS
|
config ESP_TLS_SERVER_SESSION_TICKETS
|
||||||
bool "Enable server session tickets"
|
bool "Enable server session tickets"
|
||||||
depends on ESP_TLS_SERVER && ESP_TLS_USING_MBEDTLS && MBEDTLS_SERVER_SSL_SESSION_TICKETS
|
depends on ESP_TLS_USING_MBEDTLS && MBEDTLS_SERVER_SSL_SESSION_TICKETS
|
||||||
help
|
help
|
||||||
Enable session ticket support as specified in RFC5077
|
Enable session ticket support as specified in RFC5077
|
||||||
|
|
||||||
|
@ -60,7 +53,7 @@ menu "ESP-TLS"
|
||||||
|
|
||||||
config ESP_TLS_SERVER_CERT_SELECT_HOOK
|
config ESP_TLS_SERVER_CERT_SELECT_HOOK
|
||||||
bool "Certificate selection hook"
|
bool "Certificate selection hook"
|
||||||
depends on ESP_TLS_USING_MBEDTLS && ESP_TLS_SERVER
|
depends on ESP_TLS_USING_MBEDTLS
|
||||||
help
|
help
|
||||||
Ability to configure and use a certificate selection callback during server handshake,
|
Ability to configure and use a certificate selection callback during server handshake,
|
||||||
to select a certificate to present to the client based on the TLS extensions supplied in
|
to select a certificate to present to the client based on the TLS extensions supplied in
|
||||||
|
@ -68,7 +61,7 @@ menu "ESP-TLS"
|
||||||
|
|
||||||
config ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
|
config ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
|
||||||
bool "ESP-TLS Server: Set minimum Certificate Verification mode to Optional"
|
bool "ESP-TLS Server: Set minimum Certificate Verification mode to Optional"
|
||||||
depends on ESP_TLS_SERVER && ESP_TLS_USING_MBEDTLS
|
depends on ESP_TLS_USING_MBEDTLS
|
||||||
help
|
help
|
||||||
When this option is enabled, the peer (here, the client) certificate is checked by the server,
|
When this option is enabled, the peer (here, the client) certificate is checked by the server,
|
||||||
however the handshake continues even if verification failed. By default, the
|
however the handshake continues even if verification failed. By default, the
|
||||||
|
|
|
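Review bot: Dropping `ESP_TLS_SERVER` from the `depends on` of `ESP_TLS_SERVER_CERT_SELECT_HOOK` and `ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL` also drops the transitive requirement on `MBEDTLS_TLS_SERVER` that the removed option carried through `(ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER)`. Both options therefore become selectable in a client-only mbedTLS configuration; if the server-handshake code they gate needs mbedTLS server support to build, the guard should read `depends on ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER` in both places. `ESP_TLS_SERVER_SESSION_TICKETS` keeps an implicit server requirement through `MBEDTLS_SERVER_SSL_SESSION_TICKETS`, so it is unaffected.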
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
|
@ -64,12 +64,10 @@ static const char *TAG = "esp-tls";
|
||||||
#define _esp_tls_get_client_session esp_mbedtls_get_client_session
|
#define _esp_tls_get_client_session esp_mbedtls_get_client_session
|
||||||
#define _esp_tls_free_client_session esp_mbedtls_free_client_session
|
#define _esp_tls_free_client_session esp_mbedtls_free_client_session
|
||||||
#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context
|
#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
|
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
|
||||||
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
|
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
|
||||||
#define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init
|
#define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init
|
||||||
#define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free
|
#define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free
|
||||||
#endif /* CONFIG_ESP_TLS_SERVER */
|
|
||||||
#define _esp_tls_get_bytes_avail esp_mbedtls_get_bytes_avail
|
#define _esp_tls_get_bytes_avail esp_mbedtls_get_bytes_avail
|
||||||
#define _esp_tls_init_global_ca_store esp_mbedtls_init_global_ca_store
|
#define _esp_tls_init_global_ca_store esp_mbedtls_init_global_ca_store
|
||||||
#define _esp_tls_set_global_ca_store esp_mbedtls_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
|
#define _esp_tls_set_global_ca_store esp_mbedtls_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
|
||||||
|
@ -83,10 +81,8 @@ static const char *TAG = "esp-tls";
|
||||||
#define _esp_tls_write esp_wolfssl_write
|
#define _esp_tls_write esp_wolfssl_write
|
||||||
#define _esp_tls_conn_delete esp_wolfssl_conn_delete
|
#define _esp_tls_conn_delete esp_wolfssl_conn_delete
|
||||||
#define _esp_tls_net_init esp_wolfssl_net_init
|
#define _esp_tls_net_init esp_wolfssl_net_init
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
#define _esp_tls_server_session_create esp_wolfssl_server_session_create
|
#define _esp_tls_server_session_create esp_wolfssl_server_session_create
|
||||||
#define _esp_tls_server_session_delete esp_wolfssl_server_session_delete
|
#define _esp_tls_server_session_delete esp_wolfssl_server_session_delete
|
||||||
#endif /* CONFIG_ESP_TLS_SERVER */
|
|
||||||
#define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail
|
#define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail
|
||||||
#define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store
|
#define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store
|
||||||
#define _esp_tls_set_global_ca_store esp_wolfssl_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
|
#define _esp_tls_set_global_ca_store esp_wolfssl_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
|
||||||
|
@ -108,7 +104,7 @@ static const char *TAG = "esp-tls";
|
||||||
|
|
||||||
static esp_err_t create_ssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
|
static esp_err_t create_ssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls);
|
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
static esp_err_t esp_tls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
|
static esp_err_t esp_tls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
|
||||||
|
@ -638,7 +634,6 @@ void esp_tls_free_client_session(esp_tls_client_session_t *client_session)
|
||||||
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
|
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg)
|
esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg)
|
||||||
{
|
{
|
||||||
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
|
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
|
||||||
|
@ -682,7 +677,6 @@ void esp_tls_server_session_delete(esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
return _esp_tls_server_session_delete(tls);
|
return _esp_tls_server_session_delete(tls);
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls)
|
ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
|
|
|
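Review bot: The new `NULL` passed as the fifth argument of `_esp_create_ssl_handle` in `create_ssl_handle` is unexplained, and the mbedTLS backend in this same commit rejects a NULL there with `ESP_ERR_INVALID_ARG` whenever `tls->role == ESP_TLS_SERVER`, so this wrapper is now implicitly client-only. A comment on that line would make the contract visible, e.g. `return _esp_create_ssl_handle(hostname, hostlen, cfg, tls, NULL); /* client handle: server params are supplied by the server_session_create path */`. The remaining hunks in this file only drop `CONFIG_ESP_TLS_SERVER` guards, which is the stated purpose of the change.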
@ -213,7 +213,6 @@ typedef struct esp_tls_cfg {
|
||||||
esp_tls_proto_ver_t tls_version; /*!< TLS protocol version of the connection, e.g., TLS 1.2, TLS 1.3 (default - no preference) */
|
esp_tls_proto_ver_t tls_version; /*!< TLS protocol version of the connection, e.g., TLS 1.2, TLS 1.3 (default - no preference) */
|
||||||
} esp_tls_cfg_t;
|
} esp_tls_cfg_t;
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
|
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
|
||||||
/**
|
/**
|
||||||
* @brief Data structures necessary to support TLS session tickets according to RFC5077
|
* @brief Data structures necessary to support TLS session tickets according to RFC5077
|
||||||
|
@ -228,7 +227,7 @@ typedef struct esp_tls_server_session_ticket_ctx {
|
||||||
} esp_tls_server_session_ticket_ctx_t;
|
} esp_tls_server_session_ticket_ctx_t;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
|
||||||
/**
|
/**
|
||||||
* @brief tls handshake callback
|
* @brief tls handshake callback
|
||||||
* Can be used to configure per-handshake attributes for the TLS connection.
|
* Can be used to configure per-handshake attributes for the TLS connection.
|
||||||
|
@ -239,7 +238,11 @@ typedef struct esp_tls_server_session_ticket_ctx {
|
||||||
* or a specific MBEDTLS_ERR_XXX code, which will cause the handhsake to abort
|
* or a specific MBEDTLS_ERR_XXX code, which will cause the handhsake to abort
|
||||||
*/
|
*/
|
||||||
typedef mbedtls_ssl_hs_cb_t esp_tls_handshake_callback;
|
typedef mbedtls_ssl_hs_cb_t esp_tls_handshake_callback;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief ESP-TLS Server configuration parameters
|
||||||
|
*/
|
||||||
typedef struct esp_tls_cfg_server {
|
typedef struct esp_tls_cfg_server {
|
||||||
const char **alpn_protos; /*!< Application protocols required for HTTP2.
|
const char **alpn_protos; /*!< Application protocols required for HTTP2.
|
||||||
If HTTP2/ALPN support is required, a list
|
If HTTP2/ALPN support is required, a list
|
||||||
|
@ -341,7 +344,6 @@ esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg);
|
||||||
* @param cfg server configuration as esp_tls_cfg_server_t
|
* @param cfg server configuration as esp_tls_cfg_server_t
|
||||||
*/
|
*/
|
||||||
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
|
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
|
||||||
#endif /* ! CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
typedef struct esp_tls esp_tls_t;
|
typedef struct esp_tls esp_tls_t;
|
||||||
|
|
||||||
|
@ -681,7 +683,6 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
|
||||||
*/
|
*/
|
||||||
const int *esp_tls_get_ciphersuites_list(void);
|
const int *esp_tls_get_ciphersuites_list(void);
|
||||||
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
|
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
/**
|
/**
|
||||||
* @brief Create TLS/SSL server session
|
* @brief Create TLS/SSL server session
|
||||||
*
|
*
|
||||||
|
@ -707,7 +708,6 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
|
||||||
* @param[in] tls pointer to esp_tls_t
|
* @param[in] tls pointer to esp_tls_t
|
||||||
*/
|
*/
|
||||||
void esp_tls_server_session_delete(esp_tls_t *tls);
|
void esp_tls_server_session_delete(esp_tls_t *tls);
|
||||||
#endif /* ! CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Creates a plain TCP connection, returning a valid socket fd on success or an error handle
|
* @brief Creates a plain TCP connection, returning a valid socket fd on success or an error handle
|
||||||
|
|
|
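Review bot: Removing the `#ifdef CONFIG_ESP_TLS_SERVER` guards from this public header deletes a Kconfig symbol that application code may itself be testing, and such code now silently compiles out its server branch instead of failing loudly; the commit carries no deprecation or migration note for that. A one-line remark in the `@brief` block of `esp_tls_server_session_create`, such as ` * @note Server support no longer depends on CONFIG_ESP_TLS_SERVER; with mbedTLS it requires MBEDTLS_TLS_SERVER`, would tell readers what replaced the option (the requirement on `MBEDTLS_TLS_SERVER` is what the HTTPS-server Kconfig in this commit still depends on). The new `#if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)` / `#endif` pair around `esp_tls_handshake_callback` is a good narrowing and needs no change.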
@ -70,7 +70,9 @@ typedef struct esp_tls_pki_t {
|
||||||
#endif
|
#endif
|
||||||
} esp_tls_pki_t;
|
} esp_tls_pki_t;
|
||||||
|
|
||||||
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
|
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
||||||
|
|
||||||
|
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params)
|
||||||
{
|
{
|
||||||
assert(cfg != NULL);
|
assert(cfg != NULL);
|
||||||
assert(tls != NULL);
|
assert(tls != NULL);
|
||||||
|
@ -116,16 +118,16 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
} else if (tls->role == ESP_TLS_SERVER) {
|
} else if (tls->role == ESP_TLS_SERVER) {
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
if (server_params == NULL) {
|
||||||
esp_ret = set_server_config((esp_tls_cfg_server_t *) cfg, tls);
|
/* Server params cannot be NULL when TLS role is server */
|
||||||
|
return ESP_ERR_INVALID_ARG;
|
||||||
|
}
|
||||||
|
esp_tls_server_params_t *input_server_params = server_params;
|
||||||
|
esp_ret = input_server_params->set_server_cfg((esp_tls_cfg_server_t *) cfg, tls);
|
||||||
if (esp_ret != 0) {
|
if (esp_ret != 0) {
|
||||||
ESP_LOGE(TAG, "Failed to set server configurations, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
ESP_LOGE(TAG, "Failed to set server configurations, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
ESP_LOGE(TAG, "ESP_TLS_SERVER Not enabled in Kconfig");
|
|
||||||
goto exit;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = mbedtls_ctr_drbg_seed(&tls->ctr_drbg,
|
if ((ret = mbedtls_ctr_drbg_seed(&tls->ctr_drbg,
|
||||||
|
@ -353,10 +355,6 @@ void esp_mbedtls_cleanup(esp_tls_t *tls)
|
||||||
mbedtls_x509_crt_free(tls->cacert_ptr);
|
mbedtls_x509_crt_free(tls->cacert_ptr);
|
||||||
}
|
}
|
||||||
tls->cacert_ptr = NULL;
|
tls->cacert_ptr = NULL;
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
mbedtls_x509_crt_free(&tls->servercert);
|
|
||||||
mbedtls_pk_free(&tls->serverkey);
|
|
||||||
#endif
|
|
||||||
mbedtls_x509_crt_free(&tls->cacert);
|
mbedtls_x509_crt_free(&tls->cacert);
|
||||||
mbedtls_x509_crt_free(&tls->clientcert);
|
mbedtls_x509_crt_free(&tls->clientcert);
|
||||||
mbedtls_pk_free(&tls->clientkey);
|
mbedtls_pk_free(&tls->clientkey);
|
||||||
|
@ -478,7 +476,6 @@ static esp_err_t set_global_ca_store(esp_tls_t *tls)
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
|
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
|
||||||
int esp_mbedtls_server_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
|
int esp_mbedtls_server_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
|
||||||
{
|
{
|
||||||
|
@ -547,7 +544,7 @@ void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ct
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
assert(cfg != NULL);
|
assert(cfg != NULL);
|
||||||
assert(tls != NULL);
|
assert(tls != NULL);
|
||||||
|
@ -679,7 +676,6 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
||||||
|
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
#endif /* ! CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t *cfg, esp_tls_t *tls)
|
esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t *cfg, esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
|
@ -903,7 +899,6 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
/**
|
/**
|
||||||
* @brief Create TLS/SSL server session
|
* @brief Create TLS/SSL server session
|
||||||
*/
|
*/
|
||||||
|
@ -914,7 +909,9 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
|
||||||
}
|
}
|
||||||
tls->role = ESP_TLS_SERVER;
|
tls->role = ESP_TLS_SERVER;
|
||||||
tls->sockfd = sockfd;
|
tls->sockfd = sockfd;
|
||||||
esp_err_t esp_ret = esp_create_mbedtls_handle(NULL, 0, cfg, tls);
|
esp_tls_server_params_t server_params = {};
|
||||||
|
server_params.set_server_cfg = &set_server_config;
|
||||||
|
esp_err_t esp_ret = esp_create_mbedtls_handle(NULL, 0, cfg, tls, &server_params);
|
||||||
if (esp_ret != ESP_OK) {
|
if (esp_ret != ESP_OK) {
|
||||||
ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
||||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
|
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
|
||||||
|
@ -946,7 +943,6 @@ void esp_mbedtls_server_session_delete(esp_tls_t *tls)
|
||||||
free(tls);
|
free(tls);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
#endif /* ! CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
esp_err_t esp_mbedtls_init_global_ca_store(void)
|
esp_err_t esp_mbedtls_init_global_ca_store(void)
|
||||||
{
|
{
|
||||||
|
|
|
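Review bot: The new `return ESP_ERR_INVALID_ARG;` in the `ESP_TLS_SERVER` branch of `esp_create_mbedtls_handle` leaves the function through a bare return while every neighbouring failure uses `goto exit`; `esp_create_mbedtls_handle` starts outside the hunk, so whether `exit` releases state initialised before this point is not visible here, but the asymmetry is a leak risk and the assigned `esp_ret` is never set on this path. The following line then calls `input_server_params->set_server_cfg(...)` without checking the function pointer, so a zero-initialised `esp_tls_server_params_t` dereferences NULL. Both are fixed by `esp_tls_server_params_t *input_server_params = server_params;` followed by `if (input_server_params == NULL || input_server_params->set_server_cfg == NULL) { esp_ret = ESP_ERR_INVALID_ARG; goto exit; }`. Style: `esp_tls_server_params_t server_params = {};` in `esp_mbedtls_server_session_create` is a GNU/C23 empty initializer; `= { .set_server_cfg = &set_server_config }` is portable and drops the separate assignment (the wolfSSL backend has the same line).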
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
|
@ -44,9 +44,7 @@ static uint8_t psk_key_array[PSK_MAX_KEY_LEN];
|
||||||
static uint8_t psk_key_max_len = 0;
|
static uint8_t psk_key_max_len = 0;
|
||||||
#endif /* CONFIG_ESP_TLS_PSK_VERIFICATION */
|
#endif /* CONFIG_ESP_TLS_PSK_VERIFICATION */
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
||||||
#endif /* CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
|
|
||||||
/* This function shall return the error message when appropriate log level has been set otherwise this function shall do nothing */
|
/* This function shall return the error message when appropriate log level has been set otherwise this function shall do nothing */
|
||||||
|
@ -124,7 +122,7 @@ void *esp_wolfssl_get_ssl_context(esp_tls_t *tls)
|
||||||
return (void*)tls->priv_ssl;
|
return (void*)tls->priv_ssl;
|
||||||
}
|
}
|
||||||
|
|
||||||
esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
|
esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params)
|
||||||
{
|
{
|
||||||
#ifdef CONFIG_ESP_DEBUG_WOLFSSL
|
#ifdef CONFIG_ESP_DEBUG_WOLFSSL
|
||||||
wolfSSL_Debugging_ON();
|
wolfSSL_Debugging_ON();
|
||||||
|
@ -152,16 +150,11 @@ esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
} else if (tls->role == ESP_TLS_SERVER) {
|
} else if (tls->role == ESP_TLS_SERVER) {
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
esp_ret = set_server_config((esp_tls_cfg_server_t *) cfg, tls);
|
esp_ret = set_server_config((esp_tls_cfg_server_t *) cfg, tls);
|
||||||
if (esp_ret != ESP_OK) {
|
if (esp_ret != ESP_OK) {
|
||||||
ESP_LOGE(TAG, "Failed to set server configurations, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
ESP_LOGE(TAG, "Failed to set server configurations, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
ESP_LOGE(TAG, "ESP_TLS_SERVER Not enabled in menuconfig");
|
|
||||||
goto exit;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ESP_LOGE(TAG, "tls->role is not valid");
|
ESP_LOGE(TAG, "tls->role is not valid");
|
||||||
|
@ -321,7 +314,6 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
int ret = WOLFSSL_FAILURE;
|
int ret = WOLFSSL_FAILURE;
|
||||||
|
@ -378,7 +370,6 @@ static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
|
||||||
wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
|
wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
int esp_wolfssl_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
|
int esp_wolfssl_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
|
||||||
{
|
{
|
||||||
|
@ -486,7 +477,6 @@ void esp_wolfssl_cleanup(esp_tls_t *tls)
|
||||||
wolfSSL_Cleanup();
|
wolfSSL_Cleanup();
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
/**
|
/**
|
||||||
* @brief Create TLS/SSL server session
|
* @brief Create TLS/SSL server session
|
||||||
*/
|
*/
|
||||||
|
@ -497,7 +487,9 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
|
||||||
}
|
}
|
||||||
tls->role = ESP_TLS_SERVER;
|
tls->role = ESP_TLS_SERVER;
|
||||||
tls->sockfd = sockfd;
|
tls->sockfd = sockfd;
|
||||||
esp_err_t esp_ret = esp_create_wolfssl_handle(NULL, 0, cfg, tls);
|
esp_tls_server_params_t server_params = {};
|
||||||
|
server_params.set_server_cfg = &set_server_config;
|
||||||
|
esp_err_t esp_ret = esp_create_wolfssl_handle(NULL, 0, cfg, tls, &server_params);
|
||||||
if (esp_ret != ESP_OK) {
|
if (esp_ret != ESP_OK) {
|
||||||
ESP_LOGE(TAG, "create_ssl_handle failed, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
ESP_LOGE(TAG, "create_ssl_handle failed, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
|
||||||
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
|
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
|
||||||
|
@ -531,7 +523,6 @@ void esp_wolfssl_server_session_delete(esp_tls_t *tls)
|
||||||
free(tls);
|
free(tls);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_ESP_TLS_SERVER */
|
|
||||||
|
|
||||||
esp_err_t esp_wolfssl_init_global_ca_store(void)
|
esp_err_t esp_wolfssl_init_global_ca_store(void)
|
||||||
{
|
{
|
||||||
|
|
|
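Review bot: `esp_create_wolfssl_handle` gains a `server_params` parameter but never reads it: the `ESP_TLS_SERVER` branch still calls `set_server_config` directly, so the `esp_tls_server_params_t` built in `esp_wolfssl_server_session_create` is dead, and the two backends now disagree on the contract (mbedTLS rejects a NULL `server_params` with `ESP_ERR_INVALID_ARG`, wolfSSL ignores it). Either dispatch through it as the mbedTLS backend does, `esp_tls_server_params_t *input_server_params = server_params;` / `esp_ret = input_server_params->set_server_cfg((esp_tls_cfg_server_t *) cfg, tls);` with the same NULL check on both the pointer and the callback, or mark the parameter as intentionally unused with a comment such as `/* server_params unused: wolfSSL has a single server config path */`. `esp_create_wolfssl_handle` itself starts outside the hunk.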
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
|
@ -46,7 +46,7 @@ ssize_t esp_mbedtls_get_bytes_avail(esp_tls_t *tls);
|
||||||
/**
|
/**
|
||||||
* Internal Callback for creating ssl handle for mbedtls
|
* Internal Callback for creating ssl handle for mbedtls
|
||||||
*/
|
*/
|
||||||
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
|
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void* server_params);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* mbedTLS function for Initializing socket wrappers
|
* mbedTLS function for Initializing socket wrappers
|
||||||
|
@ -61,13 +61,6 @@ static inline void esp_mbedtls_net_init(esp_tls_t *tls)
|
||||||
*/
|
*/
|
||||||
void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
|
void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
/**
|
|
||||||
* Internal Callback for set_server_config
|
|
||||||
*
|
|
||||||
* /note :- can only be used with mbedtls ssl library
|
|
||||||
*/
|
|
||||||
esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Internal Callback for mbedtls_server_session_create
|
* Internal Callback for mbedtls_server_session_create
|
||||||
|
@ -98,7 +91,6 @@ esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_tick
|
||||||
*/
|
*/
|
||||||
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *cfg);
|
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *cfg);
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Internal Callback for set_client_config_function
|
* Internal Callback for set_client_config_function
|
||||||
|
|
|
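Review bot: The new `void* server_params` parameter of `esp_create_mbedtls_handle` is undocumented in the doc block above it, and the implementation returns `ESP_ERR_INVALID_ARG` for a NULL value in the server role, which a caller of this internal API cannot learn from the header. Add a line such as ` * @param server_params pointer to esp_tls_server_params_t; must be non-NULL when tls->role is ESP_TLS_SERVER, not consulted for the client role`. Style: the rest of this commit writes `void *server_params` with the `*` bound to the name, so `void* server_params` here should match.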
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
|
@ -53,21 +53,21 @@ struct esp_tls {
|
||||||
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
|
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
|
||||||
|
|
||||||
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
|
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
|
||||||
|
union {
|
||||||
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
|
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
|
||||||
|
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
|
||||||
|
};
|
||||||
|
|
||||||
|
union {
|
||||||
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
|
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
|
||||||
certificate */
|
certificate */
|
||||||
|
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
|
||||||
|
certificate */
|
||||||
|
};
|
||||||
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
|
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
|
||||||
bool use_ecdsa_peripheral; /*!< Use the ECDSA peripheral for the private key operations. */
|
bool use_ecdsa_peripheral; /*!< Use the ECDSA peripheral for the private key operations. */
|
||||||
uint8_t ecdsa_efuse_blk; /*!< The efuse block number where the ECDSA key is stored. */
|
uint8_t ecdsa_efuse_blk; /*!< The efuse block number where the ECDSA key is stored. */
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
|
|
||||||
|
|
||||||
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
|
|
||||||
certificate */
|
|
||||||
#endif
|
|
||||||
#elif CONFIG_ESP_TLS_USING_WOLFSSL
|
#elif CONFIG_ESP_TLS_USING_WOLFSSL
|
||||||
void *priv_ctx;
|
void *priv_ctx;
|
||||||
void *priv_ssl;
|
void *priv_ssl;
|
||||||
|
@ -95,3 +95,11 @@ struct esp_tls {
|
||||||
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
|
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Function pointer for the server configuration API
|
||||||
|
typedef esp_err_t (*set_server_config_func_ptr) (esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
|
||||||
|
|
||||||
|
// This struct contains any data that is only specific to the server session and not required by the client.
|
||||||
|
typedef struct esp_tls_server_params {
|
||||||
|
set_server_config_func_ptr set_server_cfg;
|
||||||
|
} esp_tls_server_params_t;
|
||||||
|
|
|
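Review bot: The two new anonymous unions alias `clientcert`/`servercert` and `clientkey`/`serverkey`, and the commit relies on that in `esp_mbedtls_cleanup`, which now frees only the `client*` members for both roles; nothing at the declaration records that invariant, so a later change that initialises both members for one connection would corrupt the other. Document it on the union, e.g. `/* clientcert and servercert share storage: only the member matching tls->role is ever initialised, and cleanup frees it through the client name */`. The new `esp_tls_server_params_t` comment says what the struct holds but not the rule on its only field; `set_server_cfg` is invoked without a check once `server_params` is non-NULL, so `/* must be non-NULL: called unchecked by esp_create_mbedtls_handle() for the server role */` on the field would prevent a NULL-dereference surprise.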
@ -11,7 +11,7 @@
|
||||||
/**
|
/**
|
||||||
* Internal Callback for creating ssl handle for wolfssl
|
* Internal Callback for creating ssl handle for wolfssl
|
||||||
*/
|
*/
|
||||||
int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
|
int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Internal Callback for wolfssl_handshake
|
* Internal Callback for wolfssl_handshake
|
||||||
|
@ -76,7 +76,6 @@ static inline void esp_wolfssl_net_init(esp_tls_t *tls)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function to Create ESP-TLS Server session with wolfssl Stack
|
* Function to Create ESP-TLS Server session with wolfssl Stack
|
||||||
|
@ -87,5 +86,3 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
|
||||||
* Delete Server Session
|
* Delete Server Session
|
||||||
*/
|
*/
|
||||||
void esp_wolfssl_server_session_delete(esp_tls_t *tls);
|
void esp_wolfssl_server_session_delete(esp_tls_t *tls);
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
|
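Review bot: The declaration `int esp_create_wolfssl_handle(..., void *server_params);` still returns `int` while the definition in esp_tls_wolfssl.c in this same commit returns `esp_err_t`; since the commit touches this line, it is the moment to make the two agree, `esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params);`. The doc block above it also does not mention the new parameter, which the wolfSSL implementation currently ignores; say so, e.g. ` * @param server_params currently unused by the wolfSSL backend, kept for parity with esp_create_mbedtls_handle`.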
@ -76,7 +76,6 @@ TEST_CASE("esp-tls global_ca_store set free", "[esp-tls]")
|
||||||
esp_tls_free_global_ca_store();
|
esp_tls_free_global_ca_store();
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_ESP_TLS_SERVER
|
|
||||||
TEST_CASE("esp_tls_server session create delete", "[esp-tls]")
|
TEST_CASE("esp_tls_server session create delete", "[esp-tls]")
|
||||||
{
|
{
|
||||||
struct esp_tls *tls = esp_tls_init();
|
struct esp_tls *tls = esp_tls_init();
|
||||||
|
@ -95,4 +94,3 @@ TEST_CASE("esp_tls_server session create delete", "[esp-tls]")
|
||||||
esp_tls_server_session_delete(tls);
|
esp_tls_server_session_delete(tls);
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
|
@ -5,6 +5,4 @@ CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
|
||||||
CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK=y
|
CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK=y
|
||||||
CONFIG_COMPILER_STACK_CHECK_MODE_STRONG=y
|
CONFIG_COMPILER_STACK_CHECK_MODE_STRONG=y
|
||||||
CONFIG_COMPILER_STACK_CHECK=y
|
CONFIG_COMPILER_STACK_CHECK=y
|
||||||
|
|
||||||
CONFIG_ESP_TASK_WDT_EN=n
|
CONFIG_ESP_TASK_WDT_EN=n
|
||||||
CONFIG_ESP_TLS_SERVER=y
|
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
if(CONFIG_ESP_HTTPS_SERVER_ENABLE OR CONFIG_IDF_DOC_BUILD)
|
set(src "src/https_server.c")
|
||||||
set(src "src/https_server.c")
|
set(inc "include")
|
||||||
set(inc "include")
|
|
||||||
endif()
|
|
||||||
|
|
||||||
idf_component_register(SRCS ${src}
|
idf_component_register(SRCS ${src}
|
||||||
INCLUDE_DIRS ${inc}
|
INCLUDE_DIRS ${inc}
|
||||||
|
|
|
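Review bot: Removing the `if(CONFIG_ESP_HTTPS_SERVER_ENABLE OR CONFIG_IDF_DOC_BUILD)` guard makes `src/https_server.c` compile in every configuration, while the Kconfig in this same commit still offers `ESP_HTTPS_SERVER_ENABLE` as a user-selectable option. Unless the source is itself wrapped in that option (not visible here), a build with it disabled now compiles and links the HTTPS server and pulls in its esp-tls server dependencies. If the option is meant to stay, keep the guard around `set(src ...)` and `set(inc ...)`; if it is not, remove the option as well so the two files agree.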
@ -3,7 +3,6 @@ menu "ESP HTTPS server"
|
||||||
config ESP_HTTPS_SERVER_ENABLE
|
config ESP_HTTPS_SERVER_ENABLE
|
||||||
bool "Enable ESP_HTTPS_SERVER component"
|
bool "Enable ESP_HTTPS_SERVER component"
|
||||||
depends on (ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER)
|
depends on (ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER)
|
||||||
select ESP_TLS_SERVER
|
|
||||||
help
|
help
|
||||||
Enable ESP HTTPS server component
|
Enable ESP HTTPS server component
|
||||||
|
|
||||||
|
|
|
@ -104,70 +104,30 @@ struct httpd_ssl_config {
|
||||||
esp_https_server_user_cb *user_cb;
|
esp_https_server_user_cb *user_cb;
|
||||||
|
|
||||||
void *ssl_userdata; /*!< user data to add to the ssl context */
|
void *ssl_userdata; /*!< user data to add to the ssl context */
|
||||||
|
#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
|
||||||
esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
|
esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
|
||||||
|
#endif
|
||||||
|
|
||||||
const char** alpn_protos; /*!< Application protocols the server supports in order of prefernece. Used for negotiating during the TLS handshake, first one the client supports is selected. The data structure must live as long as the https server itself! */
|
const char** alpn_protos; /*!< Application protocols the server supports in order of prefernece. Used for negotiating during the TLS handshake, first one the client supports is selected. The data structure must live as long as the https server itself! */
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct httpd_ssl_config httpd_ssl_config_t;
|
typedef struct httpd_ssl_config httpd_ssl_config_t;
|
||||||
|
|
||||||
|
/* Macro kept for compatibility reasons */
|
||||||
|
#define HTTPD_SSL_CONFIG_DEFAULT httpd_ssl_config_default
|
||||||
/**
|
/**
|
||||||
* Default config struct init
|
* Returns the httpd config struct with default initialisation
|
||||||
*
|
|
||||||
* (http_server default config had to be copied for customization)
|
|
||||||
*
|
*
|
||||||
|
* @return
|
||||||
|
* httpd_ssl_config_t HTTPD ssl config struct
|
||||||
|
* with default initialisation
|
||||||
* Notes:
|
* Notes:
|
||||||
* - port is set when starting the server, according to 'transport_mode'
|
* - port is set when starting the server, according to 'transport_mode'
|
||||||
* - one socket uses ~ 40kB RAM with SSL, we reduce the default socket count to 4
|
* - one socket uses ~ 40kB RAM with SSL, we reduce the default socket count to 4
|
||||||
* - SSL sockets are usually long-lived, closing LRU prevents pool exhaustion DOS
|
* - SSL sockets are usually long-lived, closing LRU prevents pool exhaustion DOS
|
||||||
* - Stack size may need adjustments depending on the user application
|
* - Stack size may need adjustments depending on the user application
|
||||||
*/
|
*/
|
||||||
#define HTTPD_SSL_CONFIG_DEFAULT() { \
|
httpd_ssl_config_t httpd_ssl_config_default(void);
|
||||||
.httpd = { \
|
|
||||||
.task_priority = tskIDLE_PRIORITY+5, \
|
|
||||||
.stack_size = 10240, \
|
|
||||||
.core_id = tskNO_AFFINITY, \
|
|
||||||
.server_port = 0, \
|
|
||||||
.ctrl_port = ESP_HTTPD_DEF_CTRL_PORT+1, \
|
|
||||||
.max_open_sockets = 4, \
|
|
||||||
.max_uri_handlers = 8, \
|
|
||||||
.max_resp_headers = 8, \
|
|
||||||
.backlog_conn = 5, \
|
|
||||||
.lru_purge_enable = true, \
|
|
||||||
.recv_wait_timeout = 5, \
|
|
||||||
.send_wait_timeout = 5, \
|
|
||||||
.global_user_ctx = NULL, \
|
|
||||||
.global_user_ctx_free_fn = NULL, \
|
|
||||||
.global_transport_ctx = NULL, \
|
|
||||||
.global_transport_ctx_free_fn = NULL, \
|
|
||||||
.enable_so_linger = false, \
|
|
||||||
.linger_timeout = 0, \
|
|
||||||
.keep_alive_enable = false, \
|
|
||||||
.keep_alive_idle = 0, \
|
|
||||||
.keep_alive_interval = 0, \
|
|
||||||
.keep_alive_count = 0, \
|
|
||||||
.open_fn = NULL, \
|
|
||||||
.close_fn = NULL, \
|
|
||||||
.uri_match_fn = NULL \
|
|
||||||
}, \
|
|
||||||
.servercert = NULL, \
|
|
||||||
.servercert_len = 0, \
|
|
||||||
.cacert_pem = NULL, \
|
|
||||||
.cacert_len = 0, \
|
|
||||||
.prvtkey_pem = NULL, \
|
|
||||||
.prvtkey_len = 0, \
|
|
||||||
.use_ecdsa_peripheral = false, \
|
|
||||||
.ecdsa_key_efuse_blk = 0, \
|
|
||||||
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
|
|
||||||
.port_secure = 443, \
|
|
||||||
.port_insecure = 80, \
|
|
||||||
.session_tickets = false, \
|
|
||||||
.use_secure_element = false, \
|
|
||||||
.user_cb = NULL, \
|
|
||||||
.ssl_userdata = NULL, \
|
|
||||||
.cert_select_cb = NULL, \
|
|
||||||
.alpn_protos = NULL, \
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a SSL capable HTTP server (secure mode may be disabled in config)
|
* Create a SSL capable HTTP server (secure mode may be disabled in config)
|
||||||
|
|
|
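Review bot: The compatibility macro `#define HTTPD_SSL_CONFIG_DEFAULT httpd_ssl_config_default` keeps `HTTPD_SSL_CONFIG_DEFAULT()` compiling, but because it now expands to a function call it can no longer initialise an object with static storage duration (`static httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();`), which the previous brace-initialiser macro allowed; that is a source-level break worth stating next to the define, e.g. `/* Macro kept for compatibility reasons; it now expands to a function call, so it cannot initialise static/global objects */`. The Doxygen block for `httpd_ssl_config_default` should also mention that `cert_select_cb` exists only when `CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK` is set, since the layout of the struct (and thus what "default initialisation" covers) now depends on that option. `struct httpd_ssl_config` begins before this hunk.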
@ -48,6 +48,60 @@ static void httpd_ssl_close(void *ctx)
|
||||||
ESP_LOGD(TAG, "Secure socket closed");
|
ESP_LOGD(TAG, "Secure socket closed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
httpd_ssl_config_t httpd_ssl_config_default(void)
|
||||||
|
{
|
||||||
|
httpd_ssl_config_t config = {
|
||||||
|
.httpd = {
|
||||||
|
.task_priority = tskIDLE_PRIORITY + 5,
|
||||||
|
.stack_size = 10240,
|
||||||
|
.core_id = tskNO_AFFINITY,
|
||||||
|
.server_port = 0,
|
||||||
|
.ctrl_port = ESP_HTTPD_DEF_CTRL_PORT + 1,
|
||||||
|
.max_open_sockets = 4,
|
||||||
|
.max_uri_handlers = 8,
|
||||||
|
.max_resp_headers = 8,
|
||||||
|
.backlog_conn = 5,
|
||||||
|
.lru_purge_enable = true,
|
||||||
|
.recv_wait_timeout = 5,
|
||||||
|
.send_wait_timeout = 5,
|
||||||
|
.global_user_ctx = NULL,
|
||||||
|
.global_user_ctx_free_fn = NULL,
|
||||||
|
.global_transport_ctx = NULL,
|
||||||
|
.global_transport_ctx_free_fn = NULL,
|
||||||
|
.enable_so_linger = false,
|
||||||
|
.linger_timeout = 0,
|
||||||
|
.keep_alive_enable = false,
|
||||||
|
.keep_alive_idle = 0,
|
||||||
|
.keep_alive_interval = 0,
|
||||||
|
.keep_alive_count = 0,
|
||||||
|
.open_fn = NULL,
|
||||||
|
.close_fn = NULL,
|
||||||
|
.uri_match_fn = NULL,
|
||||||
|
},
|
||||||
|
.servercert = NULL,
|
||||||
|
.servercert_len = 0,
|
||||||
|
.cacert_pem = NULL,
|
||||||
|
.cacert_len = 0,
|
||||||
|
.prvtkey_pem = NULL,
|
||||||
|
.prvtkey_len = 0,
|
||||||
|
.use_ecdsa_peripheral = false,
|
||||||
|
.ecdsa_key_efuse_blk = 0,
|
||||||
|
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE,
|
||||||
|
.port_secure = 443,
|
||||||
|
.port_insecure = 80,
|
||||||
|
.session_tickets = false,
|
||||||
|
.use_secure_element = false,
|
||||||
|
.user_cb = NULL,
|
||||||
|
.ssl_userdata = NULL,
|
||||||
|
#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
|
||||||
|
.cert_select_cb = NULL,
|
||||||
|
#endif
|
||||||
|
.alpn_protos = NULL,
|
||||||
|
};
|
||||||
|
|
||||||
|
return config;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SSL socket pending-check function
|
* SSL socket pending-check function
|
||||||
*
|
*
|
||||||
|
|
|
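Review bot: `httpd_ssl_config_default` has no comment at its definition, and because designated initialisation zero-fills omitted members, a field added later to `struct httpd_ssl_config` without an entry here silently defaults to 0/NULL. A one-line comment above the definition would make that contract explicit, e.g. `/* Defaults for httpd_ssl_config_t; keep in step with the struct in esp_https_server.h — any member omitted here is 0/NULL. */`. The `#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK` guard around `.cert_select_cb` is correct since the member itself is conditional in the header.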
@ -1,3 +1,4 @@
|
||||||
CONFIG_ESP_HTTPS_SERVER_ENABLE=y
|
CONFIG_ESP_HTTPS_SERVER_ENABLE=y
|
||||||
|
CONFIG_ESP_TLS_CERT_SELECT_HOOK=y
|
||||||
CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK=y
|
CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK=y
|
||||||
CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
|
CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
|
||||||
|
|
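Review bot: The added line `CONFIG_ESP_TLS_CERT_SELECT_HOOK=y` does not match the symbol tested by the header, `CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK` (Kconfig option `ESP_TLS_SERVER_CERT_SELECT_HOOK`). A symbol the configuration system does not know is not applied, so as written the example would build without the certificate-selection hook and the `cert_select_cb` member would not exist. Unless a differently named option is defined elsewhere in the tree, the line should read `CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK=y`.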