Merge branch 'fix/refactor_esp_tls_server' into 'master'

fix(esp_tls): Refactor esp-tls to remove ESP_TLS_SERVER config option

Closes IDFGH-10812

See merge request espressif/esp-idf!25773
Mahavir Jain 2023-10-27 06:34:44 +08:00
commit 47678fc17b
15 zmienionych plików z 113 dodań i 134 usunięć


@ -38,16 +38,9 @@ menu "ESP-TLS"
help
Enable session ticket support as specified in RFC5077.
config ESP_TLS_SERVER
bool "Enable ESP-TLS Server"
depends on (ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER) || ESP_TLS_USING_WOLFSSL
help
Enable support for creating server side SSL/TLS session, available for mbedTLS
as well as wolfSSL TLS library.
config ESP_TLS_SERVER_SESSION_TICKETS
bool "Enable server session tickets"
depends on ESP_TLS_SERVER && ESP_TLS_USING_MBEDTLS && MBEDTLS_SERVER_SSL_SESSION_TICKETS
depends on ESP_TLS_USING_MBEDTLS && MBEDTLS_SERVER_SSL_SESSION_TICKETS
help
Enable session ticket support as specified in RFC5077
@ -60,7 +53,7 @@ menu "ESP-TLS"
config ESP_TLS_SERVER_CERT_SELECT_HOOK
bool "Certificate selection hook"
depends on ESP_TLS_USING_MBEDTLS && ESP_TLS_SERVER
depends on ESP_TLS_USING_MBEDTLS
help
Ability to configure and use a certificate selection callback during server handshake,
to select a certificate to present to the client based on the TLS extensions supplied in
@ -68,7 +61,7 @@ menu "ESP-TLS"
config ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
bool "ESP-TLS Server: Set minimum Certificate Verification mode to Optional"
depends on ESP_TLS_SERVER && ESP_TLS_USING_MBEDTLS
depends on ESP_TLS_USING_MBEDTLS
help
When this option is enabled, the peer (here, the client) certificate is checked by the server,
however the handshake continues even if verification failed. By default, the
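Review bot: ESP_TLS_SERVER_CERT_SELECT_HOOK and ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL now depend only on ESP_TLS_USING_MBEDTLS, whereas the removed ESP_TLS_SERVER symbol they used to depend on additionally required MBEDTLS_TLS_SERVER on the mbedTLS path. If the server-side mbedTLS code those two options configure is still only compiled when MBEDTLS_TLS_SERVER is set (ESP_TLS_SERVER_SESSION_TICKETS keeps an equivalent gate through MBEDTLS_SERVER_SSL_SESSION_TICKETS), they can now be switched on in a configuration where they have no effect; `depends on ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER` on both would preserve the previous gating. The first hunk's menu entry starts outside the section, so I cannot see whether ESP_TLS_SERVER was referenced by any other symbol above it.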


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -64,12 +64,10 @@ static const char *TAG = "esp-tls";
#define _esp_tls_get_client_session esp_mbedtls_get_client_session
#define _esp_tls_free_client_session esp_mbedtls_free_client_session
#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context
#ifdef CONFIG_ESP_TLS_SERVER
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
#define _esp_tls_server_session_ticket_ctx_init esp_mbedtls_server_session_ticket_ctx_init
#define _esp_tls_server_session_ticket_ctx_free esp_mbedtls_server_session_ticket_ctx_free
#endif /* CONFIG_ESP_TLS_SERVER */
#define _esp_tls_get_bytes_avail esp_mbedtls_get_bytes_avail
#define _esp_tls_init_global_ca_store esp_mbedtls_init_global_ca_store
#define _esp_tls_set_global_ca_store esp_mbedtls_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
@ -83,10 +81,8 @@ static const char *TAG = "esp-tls";
#define _esp_tls_write esp_wolfssl_write
#define _esp_tls_conn_delete esp_wolfssl_conn_delete
#define _esp_tls_net_init esp_wolfssl_net_init
#ifdef CONFIG_ESP_TLS_SERVER
#define _esp_tls_server_session_create esp_wolfssl_server_session_create
#define _esp_tls_server_session_delete esp_wolfssl_server_session_delete
#endif /* CONFIG_ESP_TLS_SERVER */
#define _esp_tls_get_bytes_avail esp_wolfssl_get_bytes_avail
#define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store
#define _esp_tls_set_global_ca_store esp_wolfssl_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
@ -108,7 +104,7 @@ static const char *TAG = "esp-tls";
static esp_err_t create_ssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
{
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls);
return _esp_create_ssl_handle(hostname, hostlen, cfg, tls, NULL);
}
static esp_err_t esp_tls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
@ -638,7 +634,6 @@ void esp_tls_free_client_session(esp_tls_client_session_t *client_session)
#endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
#ifdef CONFIG_ESP_TLS_SERVER
esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg)
{
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
@ -682,7 +677,6 @@ void esp_tls_server_session_delete(esp_tls_t *tls)
{
return _esp_tls_server_session_delete(tls);
}
#endif /* CONFIG_ESP_TLS_SERVER */
ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls)
{
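Review bot: `create_ssl_handle` now passes `NULL` for the new `server_params` argument, and the mbedTLS backend in this same commit answers a NULL `server_params` with ESP_ERR_INVALID_ARG whenever `tls->role == ESP_TLS_SERVER`. That is only correct if nothing reaches `create_ssl_handle` with the server role, which this section does not let me confirm; a comment on the wrapper would make the contract explicit: `/* Client-only path: server sessions are created through esp_tls_server_session_create(), which supplies server_params */`. The `#ifdef CONFIG_ESP_TLS_SERVER` removals around the session-ticket and server-session functions are consistent with the Kconfig change; the bodies of those functions continue outside the hunks.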


@ -213,7 +213,6 @@ typedef struct esp_tls_cfg {
esp_tls_proto_ver_t tls_version; /*!< TLS protocol version of the connection, e.g., TLS 1.2, TLS 1.3 (default - no preference) */
} esp_tls_cfg_t;
#ifdef CONFIG_ESP_TLS_SERVER
#if defined(CONFIG_ESP_TLS_SERVER_SESSION_TICKETS)
/**
* @brief Data structures necessary to support TLS session tickets according to RFC5077
@ -228,7 +227,7 @@ typedef struct esp_tls_server_session_ticket_ctx {
} esp_tls_server_session_ticket_ctx_t;
#endif
#if defined(CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK)
/**
* @brief tls handshake callback
* Can be used to configure per-handshake attributes for the TLS connection.
@ -239,7 +238,11 @@ typedef struct esp_tls_server_session_ticket_ctx {
* or a specific MBEDTLS_ERR_XXX code, which will cause the handhsake to abort
*/
typedef mbedtls_ssl_hs_cb_t esp_tls_handshake_callback;
#endif
/**
* @brief ESP-TLS Server configuration parameters
*/
typedef struct esp_tls_cfg_server {
const char **alpn_protos; /*!< Application protocols required for HTTP2.
If HTTP2/ALPN support is required, a list
@ -341,7 +344,6 @@ esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg);
* @param cfg server configuration as esp_tls_cfg_server_t
*/
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
#endif /* ! CONFIG_ESP_TLS_SERVER */
typedef struct esp_tls esp_tls_t;
@ -681,7 +683,6 @@ mbedtls_x509_crt *esp_tls_get_global_ca_store(void);
*/
const int *esp_tls_get_ciphersuites_list(void);
#endif /* CONFIG_ESP_TLS_USING_MBEDTLS */
#ifdef CONFIG_ESP_TLS_SERVER
/**
* @brief Create TLS/SSL server session
*
@ -707,7 +708,6 @@ int esp_tls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp_tls
* @param[in] tls pointer to esp_tls_t
*/
void esp_tls_server_session_delete(esp_tls_t *tls);
#endif /* ! CONFIG_ESP_TLS_SERVER */
/**
* @brief Creates a plain TCP connection, returning a valid socket fd on success or an error handle


@ -70,7 +70,9 @@ typedef struct esp_tls_pki_t {
#endif
} esp_tls_pki_t;
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params)
{
assert(cfg != NULL);
assert(tls != NULL);
@ -116,16 +118,16 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
goto exit;
}
} else if (tls->role == ESP_TLS_SERVER) {
#ifdef CONFIG_ESP_TLS_SERVER
esp_ret = set_server_config((esp_tls_cfg_server_t *) cfg, tls);
if (server_params == NULL) {
/* Server params cannot be NULL when TLS role is server */
return ESP_ERR_INVALID_ARG;
}
esp_tls_server_params_t *input_server_params = server_params;
esp_ret = input_server_params->set_server_cfg((esp_tls_cfg_server_t *) cfg, tls);
if (esp_ret != 0) {
ESP_LOGE(TAG, "Failed to set server configurations, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
#else
ESP_LOGE(TAG, "ESP_TLS_SERVER Not enabled in Kconfig");
goto exit;
#endif
}
if ((ret = mbedtls_ctr_drbg_seed(&tls->ctr_drbg,
@ -353,10 +355,6 @@ void esp_mbedtls_cleanup(esp_tls_t *tls)
mbedtls_x509_crt_free(tls->cacert_ptr);
}
tls->cacert_ptr = NULL;
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt_free(&tls->servercert);
mbedtls_pk_free(&tls->serverkey);
#endif
mbedtls_x509_crt_free(&tls->cacert);
mbedtls_x509_crt_free(&tls->clientcert);
mbedtls_pk_free(&tls->clientkey);
@ -478,7 +476,6 @@ static esp_err_t set_global_ca_store(esp_tls_t *tls)
return ESP_OK;
}
#ifdef CONFIG_ESP_TLS_SERVER
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
int esp_mbedtls_server_session_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *lifetime)
{
@ -547,7 +544,7 @@ void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ct
}
#endif
esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
{
assert(cfg != NULL);
assert(tls != NULL);
@ -679,7 +676,6 @@ esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
return ESP_OK;
}
#endif /* ! CONFIG_ESP_TLS_SERVER */
esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t *cfg, esp_tls_t *tls)
{
@ -903,7 +899,6 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
return ESP_OK;
}
#ifdef CONFIG_ESP_TLS_SERVER
/**
* @brief Create TLS/SSL server session
*/
@ -914,7 +909,9 @@ int esp_mbedtls_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
}
tls->role = ESP_TLS_SERVER;
tls->sockfd = sockfd;
esp_err_t esp_ret = esp_create_mbedtls_handle(NULL, 0, cfg, tls);
esp_tls_server_params_t server_params = {};
server_params.set_server_cfg = &set_server_config;
esp_err_t esp_ret = esp_create_mbedtls_handle(NULL, 0, cfg, tls, &server_params);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "create_ssl_handle failed, returned [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
@ -946,7 +943,6 @@ void esp_mbedtls_server_session_delete(esp_tls_t *tls)
free(tls);
}
};
#endif /* ! CONFIG_ESP_TLS_SERVER */
esp_err_t esp_mbedtls_init_global_ca_store(void)
{
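Review bot: The new `server_params == NULL` guard in `esp_create_mbedtls_handle` returns ESP_ERR_INVALID_ARG directly, while every other failure in this function (including the `goto exit;` on the hunk's first line and the one two lines below the new call) goes through the `exit:` label; if the contexts initialised before the role branch are released at `exit:`, the early return skips that cleanup. The callback is also invoked without checking `input_server_params->set_server_cfg`, so a caller that passes a zeroed `esp_tls_server_params_t` dereferences NULL; folding both checks into one guard that sets `esp_ret` and jumps to `exit:` (assuming, as the sibling path does, that `exit:` propagates `esp_ret`) keeps the error path uniform. Separately, `esp_tls_server_params_t server_params = {};` in `esp_mbedtls_server_session_create` uses the empty initializer, which is a GNU extension before C23; `= {0}` is the portable form, and the same line appears in `esp_wolfssl_server_session_create` in the wolfSSL section. The function's prologue and the `exit:` label lie outside the hunk.
```c
    } else if (tls->role == ESP_TLS_SERVER) {
        esp_tls_server_params_t *input_server_params = server_params;
        if (input_server_params == NULL || input_server_params->set_server_cfg == NULL) {
            /* The server role needs the backend-supplied configuration callback */
            ESP_LOGE(TAG, "server_params missing for TLS server role");
            esp_ret = ESP_ERR_INVALID_ARG;
            goto exit;
        }
        esp_ret = input_server_params->set_server_cfg((esp_tls_cfg_server_t *) cfg, tls);
        /* … unchanged: error log and goto exit on failure … */
    }
```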


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -44,9 +44,7 @@ static uint8_t psk_key_array[PSK_MAX_KEY_LEN];
static uint8_t psk_key_max_len = 0;
#endif /* CONFIG_ESP_TLS_PSK_VERIFICATION */
#ifdef CONFIG_ESP_TLS_SERVER
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
#endif /* CONFIG_ESP_TLS_SERVER */
/* This function shall return the error message when appropriate log level has been set otherwise this function shall do nothing */
@ -124,7 +122,7 @@ void *esp_wolfssl_get_ssl_context(esp_tls_t *tls)
return (void*)tls->priv_ssl;
}
esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params)
{
#ifdef CONFIG_ESP_DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
@ -152,16 +150,11 @@ esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const
goto exit;
}
} else if (tls->role == ESP_TLS_SERVER) {
#ifdef CONFIG_ESP_TLS_SERVER
esp_ret = set_server_config((esp_tls_cfg_server_t *) cfg, tls);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to set server configurations, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
#else
ESP_LOGE(TAG, "ESP_TLS_SERVER Not enabled in menuconfig");
goto exit;
#endif
}
else {
ESP_LOGE(TAG, "tls->role is not valid");
@ -321,7 +314,6 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
return ESP_OK;
}
#ifdef CONFIG_ESP_TLS_SERVER
static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
{
int ret = WOLFSSL_FAILURE;
@ -378,7 +370,6 @@ static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
wolfSSL_set_fd((WOLFSSL *)tls->priv_ssl, tls->sockfd);
return ESP_OK;
}
#endif
int esp_wolfssl_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
{
@ -486,7 +477,6 @@ void esp_wolfssl_cleanup(esp_tls_t *tls)
wolfSSL_Cleanup();
}
#ifdef CONFIG_ESP_TLS_SERVER
/**
* @brief Create TLS/SSL server session
*/
@ -497,7 +487,9 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
}
tls->role = ESP_TLS_SERVER;
tls->sockfd = sockfd;
esp_err_t esp_ret = esp_create_wolfssl_handle(NULL, 0, cfg, tls);
esp_tls_server_params_t server_params = {};
server_params.set_server_cfg = &set_server_config;
esp_err_t esp_ret = esp_create_wolfssl_handle(NULL, 0, cfg, tls, &server_params);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "create_ssl_handle failed, [0x%04X] (%s)", esp_ret, esp_err_to_name(esp_ret));
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ESP_TLS_ERR_TYPE_ESP, esp_ret);
@ -531,7 +523,6 @@ void esp_wolfssl_server_session_delete(esp_tls_t *tls)
free(tls);
}
}
#endif /* CONFIG_ESP_TLS_SERVER */
esp_err_t esp_wolfssl_init_global_ca_store(void)
{
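Review bot: `esp_create_wolfssl_handle` gains the `void *server_params` parameter, but as far as the line counts of the `-152,16 +150,11` hunk allow me to tell, the server branch still calls the file-local `set_server_config` directly and never reads `server_params`, whereas the mbedTLS backend dispatches through `server_params->set_server_cfg` and rejects NULL. That makes the two backends accept different inputs behind the same `_esp_create_ssl_handle` macro: `create_ssl_handle(..., NULL)` with the server role fails on mbedTLS and succeeds here. Either dispatch through the callback as the mbedTLS side does, or state the difference at the top of the branch: `/* wolfSSL backend: server_params is unused, the local set_server_config is called directly */` together with `(void)server_params;`. The `esp_tls_server_params_t server_params = {};` in `esp_wolfssl_server_session_create` would also be more portable as `= {0}`.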


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -46,7 +46,7 @@ ssize_t esp_mbedtls_get_bytes_avail(esp_tls_t *tls);
/**
* Internal Callback for creating ssl handle for mbedtls
*/
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void* server_params);
/**
* mbedTLS function for Initializing socket wrappers
@ -61,13 +61,6 @@ static inline void esp_mbedtls_net_init(esp_tls_t *tls)
*/
void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
#ifdef CONFIG_ESP_TLS_SERVER
/**
* Internal Callback for set_server_config
*
* /note :- can only be used with mbedtls ssl library
*/
esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
/**
* Internal Callback for mbedtls_server_session_create
@ -98,7 +91,6 @@ esp_err_t esp_mbedtls_server_session_ticket_ctx_init(esp_tls_server_session_tick
*/
void esp_mbedtls_server_session_ticket_ctx_free(esp_tls_server_session_ticket_ctx_t *cfg);
#endif
#endif
/**
* Internal Callback for set_client_config_function
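Review bot: The rewritten declaration of `esp_create_mbedtls_handle` adds `void* server_params` without documenting it, and spells the pointer as `void*` while the definition in esp_tls_mbedtls.c and the wolfSSL header use `void *server_params`. Since the comment above it is being kept, extend it with the new contract: `@param server_params pointer to esp_tls_server_params_t; must be non-NULL when tls->role is ESP_TLS_SERVER, ignored otherwise`, which is what the definition in this commit checks. Aligning the declarator to `void *server_params` keeps it consistent with the definition.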


@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -53,21 +53,21 @@ struct esp_tls {
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
union {
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
};
union {
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
};
#ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN
bool use_ecdsa_peripheral; /*!< Use the ECDSA peripheral for the private key operations. */
uint8_t ecdsa_efuse_blk; /*!< The efuse block number where the ECDSA key is stored. */
#endif
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
void *priv_ctx;
void *priv_ssl;
@ -95,3 +95,11 @@ struct esp_tls {
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
};
// Function pointer for the server configuration API
typedef esp_err_t (*set_server_config_func_ptr) (esp_tls_cfg_server_t *cfg, esp_tls_t *tls);
// This struct contains any data that is only specific to the server session and not required by the client.
typedef struct esp_tls_server_params {
set_server_config_func_ptr set_server_cfg;
} esp_tls_server_params_t;
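Review bot: The two anonymous unions that now overlay `clientcert`/`servercert` and `clientkey`/`serverkey` carry no comment stating the invariant they rely on, namely that a session is either client or server (selected by `tls->role`) and that only one member of each union is ever initialised and freed; the mbedTLS cleanup hunk in this commit indeed frees only `clientcert` and `clientkey`, which is correct precisely because the storage is shared. A comment above the first union such as `/* A session is either client or server (tls->role); the client and server certificate/key share storage and only the role's member is initialised and freed */` would stop a later change from freeing both members. The new `esp_tls_server_params_t` could likewise note that `set_server_cfg` must be non-NULL for the mbedTLS backend, which dereferences it without a check.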


@ -11,7 +11,7 @@
/**
* Internal Callback for creating ssl handle for wolfssl
*/
int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls);
int esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params);
/**
* Internal Callback for wolfssl_handshake
@ -76,7 +76,6 @@ static inline void esp_wolfssl_net_init(esp_tls_t *tls)
{
}
#ifdef CONFIG_ESP_TLS_SERVER
/**
* Function to Create ESP-TLS Server session with wolfssl Stack
@ -87,5 +86,3 @@ int esp_wolfssl_server_session_create(esp_tls_cfg_server_t *cfg, int sockfd, esp
* Delete Server Session
*/
void esp_wolfssl_server_session_delete(esp_tls_t *tls);
#endif
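Review bot: The rewritten prototype keeps `int esp_create_wolfssl_handle(...)`, while the definition in esp_tls_wolfssl.c in this same commit is `esp_err_t esp_create_wolfssl_handle(...)` and the mbedTLS counterpart is declared as `esp_err_t`; the two only agree because `esp_err_t` happens to be an int typedef. Since the line is being touched anyway, `esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls, void *server_params);` matches the definition, and the comment above it should gain `@param server_params` with the same wording as the mbedTLS header. The `#ifdef CONFIG_ESP_TLS_SERVER` removal around the server-session prototypes is consistent with the rest of the change.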


@ -76,7 +76,6 @@ TEST_CASE("esp-tls global_ca_store set free", "[esp-tls]")
esp_tls_free_global_ca_store();
}
#ifdef CONFIG_ESP_TLS_SERVER
TEST_CASE("esp_tls_server session create delete", "[esp-tls]")
{
struct esp_tls *tls = esp_tls_init();
@ -95,4 +94,3 @@ TEST_CASE("esp_tls_server session create delete", "[esp-tls]")
esp_tls_server_session_delete(tls);
}
#endif


@ -5,6 +5,4 @@ CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK=y
CONFIG_COMPILER_STACK_CHECK_MODE_STRONG=y
CONFIG_COMPILER_STACK_CHECK=y
CONFIG_ESP_TASK_WDT_EN=n
CONFIG_ESP_TLS_SERVER=y


@ -1,7 +1,5 @@
if(CONFIG_ESP_HTTPS_SERVER_ENABLE OR CONFIG_IDF_DOC_BUILD)
set(src "src/https_server.c")
set(inc "include")
endif()
set(src "src/https_server.c")
set(inc "include")
idf_component_register(SRCS ${src}
INCLUDE_DIRS ${inc}
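Review bot: Dropping the `if(CONFIG_ESP_HTTPS_SERVER_ENABLE OR CONFIG_IDF_DOC_BUILD)` wrapper means `src/https_server.c` is now compiled into every build that registers this component, even though the ESP_HTTPS_SERVER_ENABLE Kconfig option survives in the next section. Unless https_server.c guards its own contents with that option (not visible here), the option no longer controls whether the server code and its esp_tls server dependencies are built; either keep the conditional on `src` or document in Kconfig that the option only affects downstream consumers. The `idf_component_register` call continues outside the hunk.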


@ -3,7 +3,6 @@ menu "ESP HTTPS server"
config ESP_HTTPS_SERVER_ENABLE
bool "Enable ESP_HTTPS_SERVER component"
depends on (ESP_TLS_USING_MBEDTLS && MBEDTLS_TLS_SERVER)
select ESP_TLS_SERVER
help
Enable ESP HTTPS server component


@ -104,70 +104,30 @@ struct httpd_ssl_config {
esp_https_server_user_cb *user_cb;
void *ssl_userdata; /*!< user data to add to the ssl context */
#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
#endif
const char** alpn_protos; /*!< Application protocols the server supports in order of prefernece. Used for negotiating during the TLS handshake, first one the client supports is selected. The data structure must live as long as the https server itself! */
};
typedef struct httpd_ssl_config httpd_ssl_config_t;
/* Macro kept for compatibility reasons */
#define HTTPD_SSL_CONFIG_DEFAULT httpd_ssl_config_default
/**
* Default config struct init
*
* (http_server default config had to be copied for customization)
* Returns the httpd config struct with default initialisation
*
* @return
* httpd_ssl_config_t HTTPD ssl config struct
* with default initialisation
* Notes:
* - port is set when starting the server, according to 'transport_mode'
* - one socket uses ~ 40kB RAM with SSL, we reduce the default socket count to 4
* - SSL sockets are usually long-lived, closing LRU prevents pool exhaustion DOS
* - Stack size may need adjustments depending on the user application
*/
#define HTTPD_SSL_CONFIG_DEFAULT() { \
.httpd = { \
.task_priority = tskIDLE_PRIORITY+5, \
.stack_size = 10240, \
.core_id = tskNO_AFFINITY, \
.server_port = 0, \
.ctrl_port = ESP_HTTPD_DEF_CTRL_PORT+1, \
.max_open_sockets = 4, \
.max_uri_handlers = 8, \
.max_resp_headers = 8, \
.backlog_conn = 5, \
.lru_purge_enable = true, \
.recv_wait_timeout = 5, \
.send_wait_timeout = 5, \
.global_user_ctx = NULL, \
.global_user_ctx_free_fn = NULL, \
.global_transport_ctx = NULL, \
.global_transport_ctx_free_fn = NULL, \
.enable_so_linger = false, \
.linger_timeout = 0, \
.keep_alive_enable = false, \
.keep_alive_idle = 0, \
.keep_alive_interval = 0, \
.keep_alive_count = 0, \
.open_fn = NULL, \
.close_fn = NULL, \
.uri_match_fn = NULL \
}, \
.servercert = NULL, \
.servercert_len = 0, \
.cacert_pem = NULL, \
.cacert_len = 0, \
.prvtkey_pem = NULL, \
.prvtkey_len = 0, \
.use_ecdsa_peripheral = false, \
.ecdsa_key_efuse_blk = 0, \
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
.port_secure = 443, \
.port_insecure = 80, \
.session_tickets = false, \
.use_secure_element = false, \
.user_cb = NULL, \
.ssl_userdata = NULL, \
.cert_select_cb = NULL, \
.alpn_protos = NULL, \
}
httpd_ssl_config_t httpd_ssl_config_default(void);
/**
* Create a SSL capable HTTP server (secure mode may be disabled in config)
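Review bot: Replacing the `HTTPD_SSL_CONFIG_DEFAULT()` initializer macro with `httpd_ssl_config_default()` is source-compatible for automatic variables, but a function call is not a constant expression, so any existing `static httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();` at file scope stops compiling in C; the "Macro kept for compatibility reasons" comment should say so: `/* Kept for compatibility: HTTPD_SSL_CONFIG_DEFAULT() now expands to a call to httpd_ssl_config_default(), so it can no longer initialise a static or global object */`. The retained doc block still describes a "Default config struct init" and "@return" under the old macro wording; it should now be phrased as the function's documentation. The surrounding declarations continue outside the hunk.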


@ -48,6 +48,60 @@ static void httpd_ssl_close(void *ctx)
ESP_LOGD(TAG, "Secure socket closed");
}
httpd_ssl_config_t httpd_ssl_config_default(void)
{
httpd_ssl_config_t config = {
.httpd = {
.task_priority = tskIDLE_PRIORITY + 5,
.stack_size = 10240,
.core_id = tskNO_AFFINITY,
.server_port = 0,
.ctrl_port = ESP_HTTPD_DEF_CTRL_PORT + 1,
.max_open_sockets = 4,
.max_uri_handlers = 8,
.max_resp_headers = 8,
.backlog_conn = 5,
.lru_purge_enable = true,
.recv_wait_timeout = 5,
.send_wait_timeout = 5,
.global_user_ctx = NULL,
.global_user_ctx_free_fn = NULL,
.global_transport_ctx = NULL,
.global_transport_ctx_free_fn = NULL,
.enable_so_linger = false,
.linger_timeout = 0,
.keep_alive_enable = false,
.keep_alive_idle = 0,
.keep_alive_interval = 0,
.keep_alive_count = 0,
.open_fn = NULL,
.close_fn = NULL,
.uri_match_fn = NULL,
},
.servercert = NULL,
.servercert_len = 0,
.cacert_pem = NULL,
.cacert_len = 0,
.prvtkey_pem = NULL,
.prvtkey_len = 0,
.use_ecdsa_peripheral = false,
.ecdsa_key_efuse_blk = 0,
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE,
.port_secure = 443,
.port_insecure = 80,
.session_tickets = false,
.use_secure_element = false,
.user_cb = NULL,
.ssl_userdata = NULL,
#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
.cert_select_cb = NULL,
#endif
.alpn_protos = NULL,
};
return config;
}
/**
* SSL socket pending-check function
*


@ -1,3 +1,4 @@
CONFIG_ESP_HTTPS_SERVER_ENABLE=y
CONFIG_ESP_TLS_CERT_SELECT_HOOK=y
CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK=y
CONFIG_EXAMPLE_WIFI_SSID_PWD_FROM_STDIN=y
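Review bot: `CONFIG_ESP_TLS_CERT_SELECT_HOOK=y` names a symbol that none of the Kconfig hunks in this commit define; the option shown in the ESP-TLS menu is `ESP_TLS_SERVER_CERT_SELECT_HOOK`, and the esp_https_server header and `httpd_ssl_config_default` both test `CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK`. An unknown symbol in sdkconfig.defaults is silently ignored, so the example's `cert_select_cb` field would stay compiled out unless the option is enabled elsewhere; `CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK=y` looks like the intended line. I am inferring that this is the added line from the `-1,3 +1,4` header, since the rendered page does not mark it.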