diff --git a/components/esp_https_server/include/esp_https_server.h b/components/esp_https_server/include/esp_https_server.h index efe726e9e7..c184b38d06 100644 --- a/components/esp_https_server/include/esp_https_server.h +++ b/components/esp_https_server/include/esp_https_server.h @@ -50,22 +50,18 @@ struct httpd_ssl_config { */ httpd_config_t httpd; - /** CA certificate (here it is treated as server cert) - * Todo: Fix this change in release/v5.0 as it would be a breaking change - * i.e. Rename the nomenclature of variables holding different certs in https_server component as well as example - * 1)The cacert variable should hold the CA which is used to authenticate clients (should inherit current role of client_verify_cert_pem var) - * 2)There should be another variable servercert which whould hold servers own certificate (should inherit current role of cacert var) */ + /** Server certificate */ + const uint8_t *servercert; + + /** Server certificate byte length */ + size_t servercert_len; + + /** CA certificate ((CA used to sign clients, or client cert itself) */ const uint8_t *cacert_pem; /** CA certificate byte length */ size_t cacert_len; - /** Client verify authority certificate (CA used to sign clients, or client cert itself */ - const uint8_t *client_verify_cert_pem; - - /** Client verify authority cert len */ - size_t client_verify_cert_len; - /** Private key */ const uint8_t *prvtkey_pem; @@ -123,10 +119,10 @@ typedef struct httpd_ssl_config httpd_ssl_config_t; .close_fn = NULL, \ .uri_match_fn = NULL \ }, \ + .servercert = NULL, \ + .servercert_len = 0, \ .cacert_pem = NULL, \ .cacert_len = 0, \ - .client_verify_cert_pem = NULL, \ - .client_verify_cert_len = 0, \ .prvtkey_pem = NULL, \ .prvtkey_len = 0, \ .transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \ diff --git a/components/esp_https_server/src/https_server.c b/components/esp_https_server/src/https_server.c index 163ecb36a9..a561bdf2e4 100644 --- a/components/esp_https_server/src/https_server.c 
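Review bot: `cacert_pem` keeps its name but changes meaning in the struct hunk, so code written for the old layout still compiles while handing the server's own certificate to the client-verification slot and leaving `servercert` NULL, and the field comments do not warn an upgrader about this. I would state the new contract on the fields, for example `/** CA certificate for verifying clients (CA that signed the client certs, or the client cert itself); optional, used only when non-NULL */`, which also fixes the doubled `((`, and `/** Server's own certificate (this role was held by cacert_pem before this change) */`. As a style point, `servercert` is the only certificate or key pointer here without the `_pem` suffix that `cacert_pem` and `prvtkey_pem` carry. The struct definition starts and ends outside the hunk.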
+++ b/components/esp_https_server/src/https_server.c @@ -181,20 +181,20 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con ssl_ctx->tls_cfg = cfg; ssl_ctx->user_cb = config->user_cb; -/* cacert = CA which signs client cert, or client cert itself , which is mapped to client_verify_cert_pem */ - if(config->client_verify_cert_pem != NULL) { - cfg->cacert_buf = (unsigned char *)malloc(config->client_verify_cert_len); +/* cacert = CA which signs client cert, or client cert itself */ + if(config->cacert_pem != NULL) { + cfg->cacert_buf = (unsigned char *)malloc(config->cacert_len); if (!cfg->cacert_buf) { ESP_LOGE(TAG, "Could not allocate memory"); free(cfg); free(ssl_ctx); return NULL; } - memcpy((char *)cfg->cacert_buf, config->client_verify_cert_pem, config->client_verify_cert_len); - cfg->cacert_bytes = config->client_verify_cert_len; + memcpy((char *)cfg->cacert_buf, config->cacert_pem, config->cacert_len); + cfg->cacert_bytes = config->cacert_len; } -/* servercert = cert of server itself ( in our case it is mapped to cacert in https_server example) */ - cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len); +/* servercert = cert of server itself */ + cfg->servercert_buf = (unsigned char *)malloc(config->servercert_len); if (!cfg->servercert_buf) { ESP_LOGE(TAG, "Could not allocate memory"); free((void *)cfg->cacert_buf); @@ -202,8 +202,8 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con free(ssl_ctx); return NULL; } - memcpy((char *)cfg->servercert_buf, config->cacert_pem, config->cacert_len); - cfg->servercert_bytes = config->cacert_len; + memcpy((char *)cfg->servercert_buf, config->servercert, config->servercert_len); + cfg->servercert_bytes = config->servercert_len; cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len); if (!cfg->serverkey_buf) { 
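Review bot: `config->servercert` is now the mandatory certificate, but in the first hunk it goes to `malloc(config->servercert_len)`, and in the `@@ -202` hunk to `memcpy`, without a NULL or zero-length check. With the defaults from HTTPD_SSL_CONFIG_DEFAULT (`NULL`, `0`), which is also what an un-migrated caller that still fills only `cacert_pem` ends up with, this is either reported as "Could not allocate memory" or continues with an empty certificate buffer, depending on what `malloc(0)` returns. Unless a caller outside these hunks already validates the config, I would reject it right after `ssl_ctx->user_cb` is set, where the cleanup matches the existing cacert failure path. The body of create_secure_context starts and ends outside both hunks.

```c
    ssl_ctx->user_cb = config->user_cb;

    /* The server certificate is mandatory: fail with a clear message instead of copying from NULL */
    if (config->servercert == NULL || config->servercert_len == 0) {
        ESP_LOGE(TAG, "No server certificate supplied");
        free(cfg);
        free(ssl_ctx);
        return NULL;
    }
    /* … unchanged: cacert, servercert and serverkey buffer copies … */
```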
diff --git a/examples/protocols/esp_local_ctrl/main/CMakeLists.txt b/examples/protocols/esp_local_ctrl/main/CMakeLists.txt index 1438075309..cb680e3bce 100644 --- a/examples/protocols/esp_local_ctrl/main/CMakeLists.txt +++ b/examples/protocols/esp_local_ctrl/main/CMakeLists.txt @@ -1,3 +1,3 @@ idf_component_register(SRCS "app_main.c" "esp_local_ctrl_service.c" INCLUDE_DIRS "." - EMBED_TXTFILES "certs/cacert.pem" "certs/prvtkey.pem") + EMBED_TXTFILES "certs/servercert.pem" "certs/prvtkey.pem") diff --git a/examples/protocols/esp_local_ctrl/main/certs/cacert.pem b/examples/protocols/esp_local_ctrl/main/certs/servercert.pem similarity index 100% rename from examples/protocols/esp_local_ctrl/main/certs/cacert.pem rename to examples/protocols/esp_local_ctrl/main/certs/servercert.pem diff --git a/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c b/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c index b5ac75ee79..13c1bd5d22 100644 --- a/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c +++ b/examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c @@ -162,10 +162,10 @@ void start_esp_local_ctrl_service(void) httpd_ssl_config_t https_conf = HTTPD_SSL_CONFIG_DEFAULT(); /* Load server certificate */ - extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); - https_conf.cacert_pem = cacert_pem_start; - https_conf.cacert_len = cacert_pem_end - cacert_pem_start; + extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start"); + extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end"); + https_conf.servercert = servercert_start; + https_conf.servercert_len = servercert_end - servercert_start; /* Load server private key */ extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); 
diff --git a/examples/protocols/https_server/simple/main/CMakeLists.txt b/examples/protocols/https_server/simple/main/CMakeLists.txt index 149db35093..d2da700754 100644 --- a/examples/protocols/https_server/simple/main/CMakeLists.txt +++ b/examples/protocols/https_server/simple/main/CMakeLists.txt @@ -1,4 +1,4 @@ idf_component_register(SRCS "main.c" INCLUDE_DIRS "." - EMBED_TXTFILES "certs/cacert.pem" + EMBED_TXTFILES "certs/servercert.pem" "certs/prvtkey.pem") diff --git a/examples/protocols/https_server/simple/main/certs/cacert.pem b/examples/protocols/https_server/simple/main/certs/servercert.pem similarity index 100% rename from examples/protocols/https_server/simple/main/certs/cacert.pem rename to examples/protocols/https_server/simple/main/certs/servercert.pem diff --git a/examples/protocols/https_server/simple/main/main.c b/examples/protocols/https_server/simple/main/main.c index 658400e2f8..bb6074e032 100644 --- a/examples/protocols/https_server/simple/main/main.c +++ b/examples/protocols/https_server/simple/main/main.c @@ -81,10 +81,10 @@ static httpd_handle_t start_webserver(void) httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT(); - extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); - conf.cacert_pem = cacert_pem_start; - conf.cacert_len = cacert_pem_end - cacert_pem_start; + extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start"); + extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end"); + conf.servercert = servercert_start; + conf.servercert_len = servercert_end - servercert_start; extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); 
diff --git a/examples/protocols/https_server/wss_server/main/CMakeLists.txt b/examples/protocols/https_server/wss_server/main/CMakeLists.txt index 0093301a39..322d41956d 100644 --- a/examples/protocols/https_server/wss_server/main/CMakeLists.txt +++ b/examples/protocols/https_server/wss_server/main/CMakeLists.txt @@ -1,4 +1,4 @@ idf_component_register(SRCS "wss_server_example.c" "keep_alive.c" INCLUDE_DIRS "." - EMBED_TXTFILES "certs/cacert.pem" + EMBED_TXTFILES "certs/servercert.pem" "certs/prvtkey.pem") diff --git a/examples/protocols/https_server/wss_server/main/certs/cacert.pem b/examples/protocols/https_server/wss_server/main/certs/servercert.pem similarity index 100% rename from examples/protocols/https_server/wss_server/main/certs/cacert.pem rename to examples/protocols/https_server/wss_server/main/certs/servercert.pem diff --git a/examples/protocols/https_server/wss_server/main/wss_server_example.c b/examples/protocols/https_server/wss_server/main/wss_server_example.c index 093033c4b7..0afca5b49a 100644 --- a/examples/protocols/https_server/wss_server/main/wss_server_example.c +++ b/examples/protocols/https_server/wss_server/main/wss_server_example.c @@ -182,10 +182,10 @@ static httpd_handle_t start_wss_echo_server(void) conf.httpd.open_fn = wss_open_fd; conf.httpd.close_fn = wss_close_fd; - extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); - conf.cacert_pem = cacert_pem_start; - conf.cacert_len = cacert_pem_end - cacert_pem_start; + extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start"); + extern const unsigned char servercert_end[] asm("_binary_servercert_pem_end"); + conf.servercert = servercert_start; + conf.servercert_len = servercert_end - servercert_start; extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); 
diff --git a/examples/protocols/https_server/wss_server/wss_server_example_test.py b/examples/protocols/https_server/wss_server/wss_server_example_test.py index 7e16256913..2b4f9e994e 100644 --- a/examples/protocols/https_server/wss_server/wss_server_example_test.py +++ b/examples/protocols/https_server/wss_server/wss_server_example_test.py @@ -1,18 +1,7 @@ #!/usr/bin/env python # -# Copyright 2021 Espressif Systems (Shanghai) CO LTD -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD +# SPDX-License-Identifier: Apache-2.0 from __future__ import division, print_function, unicode_literals @@ -140,7 +129,7 @@ def test_examples_protocol_https_wss_server(env, extra_data): # type: (tiny_tes Utility.console_log('Got IP : ' + got_ip) Utility.console_log('Got Port : ' + got_port) - ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'cacert.pem') + ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'servercert.pem') # Start ws server test with WsClient(got_ip, int(got_port), ca_file) as ws: # Check for echo diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 9589e413c7..3d822d1a3a 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt 
@@ -2524,7 +2524,6 @@ examples/protocols/https_server/simple/main/main.c
 examples/protocols/https_server/wss_server/main/keep_alive.c
 examples/protocols/https_server/wss_server/main/keep_alive.h
 examples/protocols/https_server/wss_server/main/wss_server_example.c
-examples/protocols/https_server/wss_server/wss_server_example_test.py
 examples/protocols/https_x509_bundle/example_test.py
 examples/protocols/https_x509_bundle/main/https_x509_bundle_example_main.c
 examples/protocols/icmp_echo/example_test.py