Wykres commitów

44 Commity (63edf76c36fd2fb8ebcbf0d90f5157453112f64f)

Autor SHA1 Wiadomość Data
David Cermak 0f72c05d78 openssl: made verification mode conversion to mbetls modes more strict 2020-07-14 10:42:17 +00:00
David Cermak 1c8171c3e8 asio: option to use wolfSSL as TLS stack for ASIO
Plus other minor update, make openssl aware of current modes (SSL_set_mode)
Update coding style in examples and tests, including copyright notices
2020-07-14 10:42:17 +00:00
David Cermak 9459c0dd43 asio: Basic SSL/TLS support in asio port for ESP platform
This port employs IDF port of OpenSSL for most common features, others
are discouraged or not supported. The port also introduces several stubs
for OpenSSL functions which ASIO needs to get compiled and linked.

Upstream ASIO supports WolfSSL as SSL/TLS stack, as well, which is
another option for SSL support in ASIO on ESP platform.
2020-07-14 10:42:17 +00:00
David Cermak bd1e9b5ea7 openssl: basic support for errors and bio objects
Closes https://github.com/espressif/esp-idf/issues/3406
2020-07-14 10:42:17 +00:00
Chris Morgan 3e1633354a ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html
Merges https://github.com/espressif/esp-idf/pull/2162
2018-07-09 14:41:56 +08:00
Ivan Grokhotkov cb649e452f remove executable permission from source files 2018-05-29 20:07:45 +08:00
Ivan Grokhotkov 022b4f3251 openssl: add feature check for MBEDTLS_SSL_ALPN
Fixes https://github.com/espressif/esp-idf/issues/1342
2017-12-08 13:00:11 +08:00
Andy Green effc6c6d0d openssl wrapper: introduce X509_VERIFY_PARAM_set1_host
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.

The API takes an X509_VERIFY_PARAM pointer.  We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.

The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.

This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg

	X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);

Merges https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:24:06 +11:00
Kedar Sovani b65f47c586 [openssl] Add support for SNI (sending the hostname) 2017-10-31 16:57:38 +05:30
Kedar Sovani 3420baa01b [openssl] Add support for defining ALPN protocols 2017-10-31 16:57:38 +05:30
Angus Gratton c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Dong Heng 25e2b07010 components/openssl : Fix compilation error when openssl debugging is enabled 2017-02-20 09:45:50 +08:00
Dong Heng 93395a3370 components/openssl: Add more debugging information at platform level 2017-01-26 10:12:58 +08:00
Dong Heng 905180667c components/openssl: refactor openssl debugging and assert function
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert

According these, our coders and customers may use and debug the OpenSSL code easily.
2017-01-17 10:15:26 +08:00
Dong Heng 8c7dfef317 examples/10_openssl_server: fixup SSL server with method of specific version
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version

Fixes http://esp32.com/viewtopic.php?f=14&t=696.
2017-01-05 15:57:25 +08:00
Ivan Grokhotkov 2393d829de remove legacy definitions from esp_types.h 2016-11-22 21:14:36 +08:00
Dong Heng dfaac25a37 feature/openssl: add openssl server demo and remove some check function 2016-11-15 15:04:21 +08:00
Dong Heng 734c1dd954 components/openssl: sync the code form esp8266 sdk 2016-11-14 09:40:12 +08:00
Dong Heng 12e78e9590 components/openssl: add more debug stream output function 2016-11-01 15:16:14 +08:00
Dong Heng fc6b52574a components/openssl: refactor the SSL port function and debug function 2016-11-01 13:07:10 +08:00
Dong Heng 37a68ad605 components/openssl: fix SSL X509 show message, leaking memory 2016-10-09 19:02:31 +08:00
Dong Heng 47e83ee65e components/openssl: add SSL any version function setting 2016-10-09 17:49:16 +08:00
Dong Heng 2033068a72 components/openssl: add internal openssl X509 debug function 2016-10-09 16:42:49 +08:00
Dong Heng 9e20d31f89 components/openssl: fix extra certification loading 2016-09-27 19:06:07 +08:00
Dong Heng 652ddae44f components/openssl: change low-level certification loading sequence 2016-09-27 14:28:39 +08:00
Dong Heng 3882937427 components/openssl: add debug message and change verifying mode 2016-09-27 10:06:24 +08:00
Dong Heng cf4aaf6397 components/openssl: optimize the SSL certification and private key function
1. add inheritance function
2. remove low-level platform unload cert & pkey function
3. optimize the cert load and free function
2016-09-26 11:14:19 +08:00
Dong Heng e1c4a4bfa3 components/openssl: add cert and pkey extra object point
the point is pointed to its father's object and should not free
just set NULL if not use
2016-09-23 18:47:09 +08:00
Dong Heng d2bc170b86 components/openssl: add SSL session function
1. add SSL session new and free function
2. add SSL session peer cert get and free operation
3. above all, change low-level cert object to be object point not object
2016-09-23 18:13:10 +08:00
dongheng 59bb9a9a01 components/openssl: [TW7411] supply doxygen type note 2016-09-23 14:50:27 +08:00
dongheng db9becfa74 components/openssl: free peer cert X509 object when SSL_free 2016-09-23 13:38:11 +08:00
dongheng e475d0539e components/openssl: add SSL and SSL context verify mode selection 2016-09-23 11:41:57 +08:00
dongheng f5d9bfc7ae components/openssl: fix SSL get peer cert struct point type error
1. fix SSL get peer cert struct point type error
	2. some function use "zalloc" instead of "malloc"
2016-09-23 11:03:13 +08:00
dongheng 07c8bbca6c components/openssl: SSL low-level reload cert when user add new cert 2016-09-23 10:53:18 +08:00
dongheng 9fc054bb55 components/openssl: SSL load cert with creating new cert object
1. when 'SSL_new' SSL's cert is pointed to SSL context cert
           If SSL load new cert, it will create a new cert object
        2. change some debug informaion
2016-09-23 10:33:31 +08:00
dongheng 1bfedf9816 components/openssl: fix the SSL_free memory leak 2016-09-22 18:33:55 +08:00
dongheng 18787fd4fc components/openssl: add empty fucntion to get peer certification and fix ref overflow 2016-09-22 17:20:07 +08:00
dongheng f796b4e58e components/openssl: SSL load verify data from itself structure when "new" 2016-09-22 16:41:51 +08:00
dongheng fa6f03f77f components/openssl: add function to load certification or private key more than one time 2016-09-22 16:08:36 +08:00
dongheng b3145446aa components/openssl: add function "ssl_pm_get_verify_result"
1. add function ssl_pm_get_verify_result
	2. add its platform low-level interface
2016-09-22 15:15:16 +08:00
dongheng 845ca8b34f components/openssl: delete ssl_rsa.c & .h file 2016-09-22 11:43:59 +08:00
dongheng 6bd3d62d7c components/openssl: add license header 2016-09-22 10:28:08 +08:00
dongheng 5adc661d05 components/openssl: add more interface for application 2016-09-21 09:23:29 +08:00
dongheng 44c466c0ea components/openssl: add base function version 2016-09-20 16:58:46 +08:00