Merge branch 'refactor/esp_https_server_api_cleanup' into 'master'

esp_https_server: API cleanup

Closes IDFGH-6540

See merge request espressif/esp-idf!17136
pull/8430/head
Mahavir Jain 2022-02-15 16:11:09 +00:00
commit 71e29053cf
13 zmienionych plików z 36 dodań i 52 usunięć

Wyświetl plik

@ -50,22 +50,18 @@ struct httpd_ssl_config {
*/
httpd_config_t httpd;
/** CA certificate (here it is treated as server cert)
* Todo: Fix this change in release/v5.0 as it would be a breaking change
* i.e. Rename the nomenclature of variables holding different certs in https_server component as well as example
* 1)The cacert variable should hold the CA which is used to authenticate clients (should inherit current role of client_verify_cert_pem var)
* 2)There should be another variable servercert which whould hold servers own certificate (should inherit current role of cacert var) */
/** Server certificate */
const uint8_t *servercert;
/** Server certificate byte length */
size_t servercert_len;
/** CA certificate ((CA used to sign clients, or client cert itself) */
const uint8_t *cacert_pem;
/** CA certificate byte length */
size_t cacert_len;
/** Client verify authority certificate (CA used to sign clients, or client cert itself */
const uint8_t *client_verify_cert_pem;
/** Client verify authority cert len */
size_t client_verify_cert_len;
/** Private key */
const uint8_t *prvtkey_pem;
@ -123,10 +119,10 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
.close_fn = NULL, \
.uri_match_fn = NULL \
}, \
.servercert = NULL, \
.servercert_len = 0, \
.cacert_pem = NULL, \
.cacert_len = 0, \
.client_verify_cert_pem = NULL, \
.client_verify_cert_len = 0, \
.prvtkey_pem = NULL, \
.prvtkey_len = 0, \
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \

Wyświetl plik

@ -181,20 +181,20 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
ssl_ctx->tls_cfg = cfg;
ssl_ctx->user_cb = config->user_cb;
/* cacert = CA which signs client cert, or client cert itself , which is mapped to client_verify_cert_pem */
if(config->client_verify_cert_pem != NULL) {
cfg->cacert_buf = (unsigned char *)malloc(config->client_verify_cert_len);
/* cacert = CA which signs client cert, or client cert itself */
if(config->cacert_pem != NULL) {
cfg->cacert_buf = (unsigned char *)malloc(config->cacert_len);
if (!cfg->cacert_buf) {
ESP_LOGE(TAG, "Could not allocate memory");
free(cfg);
free(ssl_ctx);
return NULL;
}
memcpy((char *)cfg->cacert_buf, config->client_verify_cert_pem, config->client_verify_cert_len);
cfg->cacert_bytes = config->client_verify_cert_len;
memcpy((char *)cfg->cacert_buf, config->cacert_pem, config->cacert_len);
cfg->cacert_bytes = config->cacert_len;
}
/* servercert = cert of server itself ( in our case it is mapped to cacert in https_server example) */
cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
/* servercert = cert of server itself */
cfg->servercert_buf = (unsigned char *)malloc(config->servercert_len);
if (!cfg->servercert_buf) {
ESP_LOGE(TAG, "Could not allocate memory");
free((void *)cfg->cacert_buf);
@ -202,8 +202,8 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
free(ssl_ctx);
return NULL;
}
memcpy((char *)cfg->servercert_buf, config->cacert_pem, config->cacert_len);
cfg->servercert_bytes = config->cacert_len;
memcpy((char *)cfg->servercert_buf, config->servercert, config->servercert_len);
cfg->servercert_bytes = config->servercert_len;
cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
if (!cfg->serverkey_buf) {

Wyświetl plik

@ -1,3 +1,3 @@
idf_component_register(SRCS "app_main.c" "esp_local_ctrl_service.c"
INCLUDE_DIRS "."
EMBED_TXTFILES "certs/cacert.pem" "certs/prvtkey.pem")
EMBED_TXTFILES "certs/servercert.pem" "certs/prvtkey.pem")

Wyświetl plik

@ -162,10 +162,10 @@ void start_esp_local_ctrl_service(void)
httpd_ssl_config_t https_conf = HTTPD_SSL_CONFIG_DEFAULT();
/* Load server certificate */
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
https_conf.cacert_pem = cacert_pem_start;
https_conf.cacert_len = cacert_pem_end - cacert_pem_start;
extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end");
https_conf.servercert = servercert_start;
https_conf.servercert_len = servercert_end - servercert_start;
/* Load server private key */
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");

Wyświetl plik

@ -1,4 +1,4 @@
idf_component_register(SRCS "main.c"
INCLUDE_DIRS "."
EMBED_TXTFILES "certs/cacert.pem"
EMBED_TXTFILES "certs/servercert.pem"
"certs/prvtkey.pem")

Wyświetl plik

@ -81,10 +81,10 @@ static httpd_handle_t start_webserver(void)
httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
conf.cacert_pem = cacert_pem_start;
conf.cacert_len = cacert_pem_end - cacert_pem_start;
extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end");
conf.servercert = servercert_start;
conf.servercert_len = servercert_end - servercert_start;
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");

Wyświetl plik

@ -1,4 +1,4 @@
idf_component_register(SRCS "wss_server_example.c" "keep_alive.c"
INCLUDE_DIRS "."
EMBED_TXTFILES "certs/cacert.pem"
EMBED_TXTFILES "certs/servercert.pem"
"certs/prvtkey.pem")

Wyświetl plik

@ -182,10 +182,10 @@ static httpd_handle_t start_wss_echo_server(void)
conf.httpd.open_fn = wss_open_fd;
conf.httpd.close_fn = wss_close_fd;
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
conf.cacert_pem = cacert_pem_start;
conf.cacert_len = cacert_pem_end - cacert_pem_start;
extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end");
conf.servercert = servercert_start;
conf.servercert_len = servercert_end - servercert_start;
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");

Wyświetl plik

@ -1,18 +1,7 @@
#!/usr/bin/env python
#
# Copyright 2021 Espressif Systems (Shanghai) CO LTD
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Apache-2.0
from __future__ import division, print_function, unicode_literals
@ -140,7 +129,7 @@ def test_examples_protocol_https_wss_server(env, extra_data): # type: (tiny_tes
Utility.console_log('Got IP : ' + got_ip)
Utility.console_log('Got Port : ' + got_port)
ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'cacert.pem')
ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'servercert.pem')
# Start ws server test
with WsClient(got_ip, int(got_port), ca_file) as ws:
# Check for echo

Wyświetl plik

@ -2524,7 +2524,6 @@ examples/protocols/https_server/simple/main/main.c
examples/protocols/https_server/wss_server/main/keep_alive.c
examples/protocols/https_server/wss_server/main/keep_alive.h
examples/protocols/https_server/wss_server/main/wss_server_example.c
examples/protocols/https_server/wss_server/wss_server_example_test.py
examples/protocols/https_x509_bundle/example_test.py
examples/protocols/https_x509_bundle/main/https_x509_bundle_example_main.c
examples/protocols/icmp_echo/example_test.py