Merge branch 'refactor/esp_https_server_api_cleanup' into 'master'

esp_https_server: API cleanup

Closes IDFGH-6540

See merge request espressif/esp-idf!17136

components/esp_https_server/include/esp_https_server.h

@@ -50,22 +50,18 @@ struct httpd_ssl_config {
      */
     httpd_config_t httpd;
 
-    /** CA certificate (here it is treated as server cert)
+    /** Server certificate */
-     * Todo: Fix this change in release/v5.0 as it would be a breaking change
+    const uint8_t *servercert;
-     * i.e. Rename the nomenclature of variables holding different certs in https_server component as well as example
+
-     * 1)The cacert variable should hold the CA which is used to authenticate clients (should inherit current role of client_verify_cert_pem var)
+    /** Server certificate byte length */
-     * 2)There should be another variable servercert which whould hold servers own certificate (should inherit current role of cacert var) */
+    size_t servercert_len;
+
+    /** CA certificate ((CA used to sign clients, or client cert itself) */
     const uint8_t *cacert_pem;
 
     /** CA certificate byte length */
     size_t cacert_len;
 
-    /** Client verify authority certificate (CA used to sign clients, or client cert itself */
-    const uint8_t *client_verify_cert_pem;
-
-    /** Client verify authority cert len */
-    size_t client_verify_cert_len;
-
     /** Private key */
     const uint8_t *prvtkey_pem;
 
@@ -123,10 +119,10 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
         .close_fn = NULL,                         \
         .uri_match_fn = NULL                      \
     },                                            \
+    .servercert = NULL,                           \
+    .servercert_len = 0,                          \
     .cacert_pem = NULL,                           \
     .cacert_len = 0,                              \
-    .client_verify_cert_pem = NULL,               \
-    .client_verify_cert_len = 0,                  \
     .prvtkey_pem = NULL,                          \
     .prvtkey_len = 0,                             \
     .transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \

components/esp_https_server/src/https_server.c

@@ -181,20 +181,20 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
 
     ssl_ctx->tls_cfg = cfg;
     ssl_ctx->user_cb = config->user_cb;
-/* cacert = CA which signs client cert, or client cert itself , which is mapped to client_verify_cert_pem */
+/* cacert = CA which signs client cert, or client cert itself */
-    if(config->client_verify_cert_pem != NULL) {
+    if(config->cacert_pem != NULL) {
-        cfg->cacert_buf = (unsigned char *)malloc(config->client_verify_cert_len);
+        cfg->cacert_buf = (unsigned char *)malloc(config->cacert_len);
         if (!cfg->cacert_buf) {
             ESP_LOGE(TAG, "Could not allocate memory");
             free(cfg);
             free(ssl_ctx);
             return NULL;
         }
-        memcpy((char *)cfg->cacert_buf, config->client_verify_cert_pem, config->client_verify_cert_len);
+        memcpy((char *)cfg->cacert_buf, config->cacert_pem, config->cacert_len);
-        cfg->cacert_bytes = config->client_verify_cert_len;
+        cfg->cacert_bytes = config->cacert_len;
     }
-/* servercert = cert of server itself ( in our case it is mapped to cacert in https_server example) */
+/* servercert = cert of server itself */
-    cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
+    cfg->servercert_buf = (unsigned char *)malloc(config->servercert_len);
     if (!cfg->servercert_buf) {
         ESP_LOGE(TAG, "Could not allocate memory");
         free((void *)cfg->cacert_buf);
@@ -202,8 +202,8 @@ static httpd_ssl_ctx_t *create_secure_context(const struct httpd_ssl_config *con
         free(ssl_ctx);
         return NULL;
     }
-    memcpy((char *)cfg->servercert_buf, config->cacert_pem, config->cacert_len);
+    memcpy((char *)cfg->servercert_buf, config->servercert, config->servercert_len);
-    cfg->servercert_bytes = config->cacert_len;
+    cfg->servercert_bytes = config->servercert_len;
 
     cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
     if (!cfg->serverkey_buf) {

examples/protocols/esp_local_ctrl/main/CMakeLists.txt

@@ -1,3 +1,3 @@
 idf_component_register(SRCS "app_main.c" "esp_local_ctrl_service.c"
                     INCLUDE_DIRS "."
-                    EMBED_TXTFILES "certs/cacert.pem" "certs/prvtkey.pem")
+                    EMBED_TXTFILES "certs/servercert.pem" "certs/prvtkey.pem")

examples/protocols/esp_local_ctrl/main/esp_local_ctrl_service.c

@@ -162,10 +162,10 @@ void start_esp_local_ctrl_service(void)
     httpd_ssl_config_t https_conf = HTTPD_SSL_CONFIG_DEFAULT();
 
     /* Load server certificate */
-    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+    extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
+    extern const unsigned char servercert_end[]   asm("_binary_servercert_pem_end");
-    https_conf.cacert_pem = cacert_pem_start;
+    https_conf.servercert = servercert_start;
-    https_conf.cacert_len = cacert_pem_end - cacert_pem_start;
+    https_conf.servercert_len = servercert_end - servercert_start;
 
     /* Load server private key */
     extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");

examples/protocols/https_server/simple/main/CMakeLists.txt

@@ -1,4 +1,4 @@
 idf_component_register(SRCS "main.c"
                     INCLUDE_DIRS "."
-                    EMBED_TXTFILES "certs/cacert.pem"
+                    EMBED_TXTFILES "certs/servercert.pem"
                                    "certs/prvtkey.pem")

examples/protocols/https_server/simple/main/main.c

@@ -81,10 +81,10 @@ static httpd_handle_t start_webserver(void)
 
     httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();
 
-    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+    extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
+    extern const unsigned char servercert_end[]   asm("_binary_servercert_pem_end");
-    conf.cacert_pem = cacert_pem_start;
+    conf.servercert = servercert_start;
-    conf.cacert_len = cacert_pem_end - cacert_pem_start;
+    conf.servercert_len = servercert_end - servercert_start;
 
     extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
     extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");

examples/protocols/https_server/wss_server/main/CMakeLists.txt

@@ -1,4 +1,4 @@
 idf_component_register(SRCS "wss_server_example.c" "keep_alive.c"
                     INCLUDE_DIRS "."
-                    EMBED_TXTFILES "certs/cacert.pem"
+                    EMBED_TXTFILES "certs/servercert.pem"
                                    "certs/prvtkey.pem")

examples/protocols/https_server/wss_server/main/wss_server_example.c

@@ -182,10 +182,10 @@ static httpd_handle_t start_wss_echo_server(void)
     conf.httpd.open_fn = wss_open_fd;
     conf.httpd.close_fn = wss_close_fd;
 
-    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+    extern const unsigned char servercert_start[] asm("_binary_servercert_pem_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
+    extern const unsigned char servercert_end[]   asm("_binary_servercert_pem_end");
-    conf.cacert_pem = cacert_pem_start;
+    conf.servercert = servercert_start;
-    conf.cacert_len = cacert_pem_end - cacert_pem_start;
+    conf.servercert_len = servercert_end - servercert_start;
 
     extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
     extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");

examples/protocols/https_server/wss_server/wss_server_example_test.py

@@ -1,18 +1,7 @@
 #!/usr/bin/env python
 #
-# Copyright 2021 Espressif Systems (Shanghai) CO LTD
+# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
-#
+# SPDX-License-Identifier: Apache-2.0
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
 from __future__ import division, print_function, unicode_literals
 
@@ -140,7 +129,7 @@ def test_examples_protocol_https_wss_server(env, extra_data):  # type: (tiny_tes
     Utility.console_log('Got IP   : ' + got_ip)
     Utility.console_log('Got Port : ' + got_port)
 
-    ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'cacert.pem')
+    ca_file = os.path.join(os.path.dirname(__file__), 'main', 'certs', 'servercert.pem')
     # Start ws server test
     with WsClient(got_ip, int(got_port), ca_file) as ws:
         # Check for echo

tools/ci/check_copyright_ignore.txt

@@ -2524,7 +2524,6 @@ examples/protocols/https_server/simple/main/main.c
 examples/protocols/https_server/wss_server/main/keep_alive.c
 examples/protocols/https_server/wss_server/main/keep_alive.h
 examples/protocols/https_server/wss_server/main/wss_server_example.c
-examples/protocols/https_server/wss_server/wss_server_example_test.py
 examples/protocols/https_x509_bundle/example_test.py
 examples/protocols/https_x509_bundle/main/https_x509_bundle_example_main.c
 examples/protocols/icmp_echo/example_test.py