Merge branch 'feature/https_server_mutual_auth_PR' into 'master'
Feature/https_server_mutual_auth Closes IDFGH-2004 See merge request espressif/esp-idf!7626pull/4898/head
commit
582f5dd697
|
@ -41,12 +41,22 @@ struct httpd_ssl_config {
|
||||||
*/
|
*/
|
||||||
httpd_config_t httpd;
|
httpd_config_t httpd;
|
||||||
|
|
||||||
/** CA certificate */
|
/** CA certificate (here it is treated as server cert)
|
||||||
|
* Todo: Fix this change in release/v5.0 as it would be a breaking change
|
||||||
|
* i.e. Rename the nomenclature of variables holding different certs in https_server component as well as example
|
||||||
|
* 1)The cacert variable should hold the CA which is used to authenticate clients (should inherit current role of client_verify_cert_pem var)
|
||||||
|
* 2)There should be another variable servercert which whould hold servers own certificate (should inherit current role of cacert var) */
|
||||||
const uint8_t *cacert_pem;
|
const uint8_t *cacert_pem;
|
||||||
|
|
||||||
/** CA certificate byte length */
|
/** CA certificate byte length */
|
||||||
size_t cacert_len;
|
size_t cacert_len;
|
||||||
|
|
||||||
|
/** Client verify authority certificate (CA used to sign clients, or client cert itself */
|
||||||
|
const uint8_t *client_verify_cert_pem;
|
||||||
|
|
||||||
|
/** Client verify authority cert len */
|
||||||
|
size_t client_verify_cert_len;
|
||||||
|
|
||||||
/** Private key */
|
/** Private key */
|
||||||
const uint8_t *prvtkey_pem;
|
const uint8_t *prvtkey_pem;
|
||||||
|
|
||||||
|
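Review bot: The doc comment added for `client_verify_cert_pem` is unbalanced (it opens a parenthesis it never closes) and does not tell the caller what setting the field does, which is the whole point of this change. From the companion hunk in create_secure_context the buffer is copied into esp_tls's `cacert_buf`, so presumably a non-NULL value turns on client-certificate verification (mutual TLS); the comment should state that explicitly, and, if esp-tls expects the PEM length to include the terminating NUL as `cacert_len` presumably already does, say so for `client_verify_cert_len` too. Suggested: `/** CA used to verify client certificates (or the client certificate itself, PEM). When non-NULL, connecting clients must present a certificate that chains to it (mutual TLS); NULL disables client verification. */`. The reworded comment on `cacert_pem` ("here it is treated as server cert") would also read better as a one-line warning that the field currently carries the server's own certificate, with the renaming plan kept in the existing Todo.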
@ -102,6 +112,8 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
|
||||||
.cacert_len = 0, \
|
.cacert_len = 0, \
|
||||||
.prvtkey_pem = NULL, \
|
.prvtkey_pem = NULL, \
|
||||||
.prvtkey_len = 0, \
|
.prvtkey_len = 0, \
|
||||||
|
.client_verify_cert_pem = NULL, \
|
||||||
|
.client_verify_cert_len = 0, \
|
||||||
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
|
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
|
||||||
.port_secure = 443, \
|
.port_secure = 443, \
|
||||||
.port_insecure = 80, \
|
.port_insecure = 80, \
|
||||||
|
|
|
@ -135,6 +135,9 @@ static void free_secure_context(void *ctx)
|
||||||
assert(ctx != NULL);
|
assert(ctx != NULL);
|
||||||
esp_tls_cfg_server_t *cfg = (esp_tls_cfg_server_t *)ctx;
|
esp_tls_cfg_server_t *cfg = (esp_tls_cfg_server_t *)ctx;
|
||||||
ESP_LOGI(TAG, "Server shuts down, releasing SSL context");
|
ESP_LOGI(TAG, "Server shuts down, releasing SSL context");
|
||||||
|
if (cfg->cacert_buf) {
|
||||||
|
free((void *)cfg->cacert_buf);
|
||||||
|
}
|
||||||
if (cfg->servercert_buf) {
|
if (cfg->servercert_buf) {
|
||||||
free((void *)cfg->servercert_buf);
|
free((void *)cfg->servercert_buf);
|
||||||
}
|
}
|
||||||
|
@ -150,8 +153,22 @@ static esp_tls_cfg_server_t *create_secure_context(const struct httpd_ssl_config
|
||||||
if (!cfg) {
|
if (!cfg) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
/* cacert = CA which signs client cert, or client cert itself , which is mapped to client_verify_cert_pem */
|
||||||
|
if(config->client_verify_cert_pem != NULL) {
|
||||||
|
cfg->cacert_buf = (unsigned char *)malloc(config->client_verify_cert_len);
|
||||||
|
if (!cfg->cacert_buf) {
|
||||||
|
ESP_LOGE(TAG, "Could not allocate memory");
|
||||||
|
free(cfg);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
memcpy((char *)cfg->cacert_buf, config->client_verify_cert_pem, config->client_verify_cert_len);
|
||||||
|
cfg->cacert_bytes = config->client_verify_cert_len;
|
||||||
|
}
|
||||||
|
/* servercert = cert of server itself ( in our case it is mapped to cacert in https_server example) */
|
||||||
cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
|
cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
|
||||||
if (!cfg->servercert_buf) {
|
if (!cfg->servercert_buf) {
|
||||||
|
ESP_LOGE(TAG, "Could not allocate memory");
|
||||||
|
free((void *)cfg->cacert_buf);
|
||||||
free(cfg);
|
free(cfg);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
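Review bot: The new `free((void *)cfg->cacert_buf)` on the servercert_buf failure path is only safe if `cfg` was zero-initialized, because `cacert_buf` is never written when `client_verify_cert_pem` is NULL; the allocation of `cfg` is above this hunk, so please confirm it is `calloc`'d (the same applies to the serverkey_buf failure path in the next hunk). The new branch also calls `malloc(config->client_verify_cert_len)` without checking the length, so a caller that sets the pointer but leaves the length at the default 0 gets either a NULL from `malloc(0)` reported as an out-of-memory error or a zero-byte "CA" that esp-tls will presumably reject later with a less helpful message; a guard such as `if (config->client_verify_cert_len == 0) { ESP_LOGE(TAG, "client_verify_cert_len is zero"); free(cfg); return NULL; }` inside the branch fails early with the real cause. Minor style: `if(config->client_verify_cert_pem != NULL)` is missing the space after `if` that the surrounding code uses. create_secure_context begins before this hunk and continues past it.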
@ -160,7 +177,9 @@ static esp_tls_cfg_server_t *create_secure_context(const struct httpd_ssl_config
|
||||||
|
|
||||||
cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
|
cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
|
||||||
if (!cfg->serverkey_buf) {
|
if (!cfg->serverkey_buf) {
|
||||||
|
ESP_LOGE(TAG, "Could not allocate memory");
|
||||||
free((void *)cfg->servercert_buf);
|
free((void *)cfg->servercert_buf);
|
||||||
|
free((void *)cfg->cacert_buf);
|
||||||
free(cfg);
|
free(cfg);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
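Review bot: Each allocation-failure path in create_secure_context now hand-lists every buffer allocated before it (this hunk frees three pointers, the previous one two and one), so the next buffer added to the context has to be threaded through every earlier path by hand and the two hunks already show the lists drifting. Since `free(NULL)` is a no-op and the buffers are NULL until assigned (assuming `cfg` is zero-initialized, its allocation is above these hunks), a single `fail:` label that frees all of them unconditionally keeps the cleanup in one place and matches free_secure_context. The label would sit at the end of the function, which is outside the hunk; the function's successful return path is also not visible here.

```c
    cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
    if (!cfg->serverkey_buf) {
        ESP_LOGE(TAG, "Could not allocate memory");
        goto fail;
    }
    // … unchanged: remainder of create_secure_context, successful return …
fail:
    free((void *)cfg->serverkey_buf);
    free((void *)cfg->servercert_buf);
    free((void *)cfg->cacert_buf);
    free(cfg);
    return NULL;
```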