}
#endif
- if (cfg->cacert_pem_buf != NULL) {
- esp_ret = set_ca_cert(tls, cfg->cacert_pem_buf, cfg->cacert_pem_bytes);
+ if (cfg->cacert_buf != NULL) {
+ esp_ret = set_ca_cert(tls, cfg->cacert_buf, cfg->cacert_bytes);
if (esp_ret != ESP_OK) {
return esp_ret;
}
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
}
- if (cfg->servercert_pem_buf != NULL && cfg->serverkey_pem_buf != NULL) {
+ if (cfg->servercert_buf != NULL && cfg->serverkey_buf != NULL) {
esp_tls_pki_t pki = {
.public_cert = &tls->servercert,
.pk_key = &tls->serverkey,
- .publiccert_pem_buf = cfg->servercert_pem_buf,
- .publiccert_pem_bytes = cfg->servercert_pem_bytes,
- .privkey_pem_buf = cfg->serverkey_pem_buf,
- .privkey_pem_bytes = cfg->serverkey_pem_bytes,
+ .publiccert_pem_buf = cfg->servercert_buf,
+ .publiccert_pem_bytes = cfg->servercert_bytes,
+ .privkey_pem_buf = cfg->serverkey_buf,
+ .privkey_pem_bytes = cfg->serverkey_bytes,
.privkey_password = cfg->serverkey_password,
.privkey_password_len = cfg->serverkey_password_len,
};
if (esp_ret != ESP_OK) {
return esp_ret;
}
- } else if (cfg->cacert_pem_buf != NULL) {
- esp_err_t esp_ret = set_ca_cert(tls, cfg->cacert_pem_buf, cfg->cacert_pem_bytes);
+ } else if (cfg->cacert_buf != NULL) {
+ esp_err_t esp_ret = set_ca_cert(tls, cfg->cacert_buf, cfg->cacert_bytes);
if (esp_ret != ESP_OK) {
return esp_ret;
}
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
}
- if (cfg->clientcert_pem_buf != NULL && cfg->clientkey_pem_buf != NULL) {
+ if (cfg->clientcert_buf != NULL && cfg->clientkey_buf != NULL) {
esp_tls_pki_t pki = {
.public_cert = &tls->clientcert,
.pk_key = &tls->clientkey,
- .publiccert_pem_buf = cfg->clientcert_pem_buf,
- .publiccert_pem_bytes = cfg->clientcert_pem_bytes,
- .privkey_pem_buf = cfg->clientkey_pem_buf,
- .privkey_pem_bytes = cfg->clientkey_pem_bytes,
+ .publiccert_pem_buf = cfg->clientcert_buf,
+ .publiccert_pem_bytes = cfg->clientcert_bytes,
+ .privkey_pem_buf = cfg->clientkey_buf,
+ .privkey_pem_bytes = cfg->clientkey_bytes,
.privkey_password = cfg->clientkey_password,
.privkey_password_len = cfg->clientkey_password_len,
};
ESP_LOGE(TAG, "Failed to set server pki context");
return esp_ret;
}
- } else if (cfg->clientcert_pem_buf != NULL || cfg->clientkey_pem_buf != NULL) {
- ESP_LOGE(TAG, "You have to provide both clientcert_pem_buf and clientkey_pem_buf for mutual authentication");
+ } else if (cfg->clientcert_buf != NULL || cfg->clientkey_buf != NULL) {
+ ESP_LOGE(TAG, "You have to provide both clientcert_buf and clientkey_buf for mutual authentication");
return ESP_ERR_INVALID_STATE;
}
return ESP_OK;
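Review bot: The error log at L56 reads "Failed to set server pki context" although, judging by the `clientcert`/`clientkey` fields it follows at L40-L44, this is the client-certificate path of the client-config function; change it to `ESP_LOGE(TAG, "Failed to set client pki context");` so a mutual-TLS client's failure is not misattributed to the server side (the set_pki_context call itself appears to be collapsed out of view between L55 and L56). On a related consistency point, `esp_tls_pki_t` still exposes `publiccert_pem_buf`/`privkey_pem_buf` (L21-L24, L49-L52) while the config fields feeding them are now documented as PEM-or-DER, so a reader of the pki struct alone would conclude only PEM is accepted; a one-line comment on those assignments, e.g. `/* field names are legacy: the buffers may be PEM or DER */`, or the same union treatment, would keep the two structs from contradicting each other. The enclosing function starts before L31 and the surrounding lines are partially collapsed.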
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_MBEDTLS, -ret);
ESP_INT_EVENT_TRACKER_CAPTURE(tls->error_handle, ERR_TYPE_ESP, ESP_ERR_MBEDTLS_SSL_HANDSHAKE_FAILED);
- if (cfg->cacert_pem_buf != NULL || cfg->use_global_ca_store == true) {
+ if (cfg->cacert_buf != NULL || cfg->use_global_ca_store == true) {
/* This is to check whether handshake failed due to invalid certificate*/
verify_certificate(tls);
}
/**
* @brief ESP-TLS configuration parameters
+ *
+ * @note Note about format of certificates:
+ * - This structure includes certificates of a Certificate Authority, of client or server as well
+ * as private keys, which may be of PEM or DER format. In case of PEM format, the buffer must be
+ * NULL terminated (with NULL character included in certificate size).
+ * - Certificate Authority's certificate may be a chain of certificates in case of PEM format,
+ * but could be only one certificate in case of DER format
+ * - Variables names of certificates and private key buffers and sizes are defined as unions providing
+ * backward compatibility for legacy *_pem_buf and *_pem_bytes names which suggested only PEM format
+ * was supported. It is encouraged to use generic names such as cacert_buf and cacert_bytes.
*/
typedef struct esp_tls_cfg {
const char **alpn_protos; /*!< Application protocols required for HTTP2.
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
- const unsigned char *cacert_pem_buf; /*!< Certificate Authority's certificate in a buffer.
+ union {
+ const unsigned char *cacert_buf; /*!< Certificate Authority's certificate in a buffer.
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
-
- unsigned int cacert_pem_bytes; /*!< Size of Certificate Authority certificate
- pointed to by cacert_pem_buf
+ const unsigned char *cacert_pem_buf; /*!< CA certificate buffer legacy name */
+ };
+
+ union {
+ unsigned int cacert_bytes; /*!< Size of Certificate Authority certificate
+ pointed to by cacert_buf
(including NULL-terminator in case of PEM format) */
+ unsigned int cacert_pem_bytes; /*!< Size of Certificate Authority certificate legacy name */
+ };
- const unsigned char *clientcert_pem_buf;/*!< Client certificate in a buffer
+ union {
+ const unsigned char *clientcert_buf; /*!< Client certificate in a buffer
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
+ const unsigned char *clientcert_pem_buf; /*!< Client certificate legacy name */
+ };
- unsigned int clientcert_pem_bytes; /*!< Size of client certificate pointed to by
+ union {
+ unsigned int clientcert_bytes; /*!< Size of client certificate pointed to by
clientcert_pem_buf
(including NULL-terminator in case of PEM format) */
+ unsigned int clientcert_pem_bytes; /*!< Size of client certificate legacy name */
+ };
- const unsigned char *clientkey_pem_buf; /*!< Client key in a buffer
+ union {
+ const unsigned char *clientkey_buf; /*!< Client key in a buffer
Format may be PEM or DER, depending on mbedtls-support
This buffer should be NULL terminated in case of PEM */
+ const unsigned char *clientkey_pem_buf; /*!< Client key legacy name */
+ };
- unsigned int clientkey_pem_bytes; /*!< Size of client key pointed to by
+ union {
+ unsigned int clientkey_bytes; /*!< Size of client key pointed to by
clientkey_pem_buf
(including NULL-terminator in case of PEM format) */
+ unsigned int clientkey_pem_bytes; /*!< Size of client key legacy name */
+ };
const unsigned char *clientkey_password;/*!< Client key decryption password string */
const char **alpn_protos = { "h2", NULL };
- where 'h2' is the protocol name */
- const unsigned char *cacert_pem_buf; /*!< Client CA certificate in a buffer.
+ union {
+ const unsigned char *cacert_buf; /*!< Client CA certificate in a buffer.
This buffer should be NULL terminated */
+ const unsigned char *cacert_pem_buf; /*!< Client CA certificate legacy name */
+ };
- unsigned int cacert_pem_bytes; /*!< Size of client CA certificate
+ union {
+ unsigned int cacert_bytes; /*!< Size of client CA certificate
pointed to by cacert_pem_buf */
+ unsigned int cacert_pem_bytes; /*!< Size of client CA certificate legacy name */
+ };
- const unsigned char *servercert_pem_buf; /*!< Server certificate in a buffer
+ union {
+ const unsigned char *servercert_buf; /*!< Server certificate in a buffer
This buffer should be NULL terminated */
+ const unsigned char *servercert_pem_buf; /*!< Server certificate legacy name */
+ };
- unsigned int servercert_pem_bytes; /*!< Size of server certificate pointed to by
+ union {
+ unsigned int servercert_bytes; /*!< Size of server certificate pointed to by
servercert_pem_buf */
+ unsigned int servercert_pem_bytes; /*!< Size of server certificate legacy name */
+ };
- const unsigned char *serverkey_pem_buf; /*!< Server key in a buffer
+ union {
+ const unsigned char *serverkey_buf; /*!< Server key in a buffer
This buffer should be NULL terminated */
+ const unsigned char *serverkey_pem_buf; /*!< Server key legacy name */
+ };
- unsigned int serverkey_pem_bytes; /*!< Size of server key pointed to by
+ union {
+ unsigned int serverkey_bytes; /*!< Size of server key pointed to by
serverkey_pem_buf */
+ unsigned int serverkey_pem_bytes; /*!< Size of server key legacy name */
+ };
const unsigned char *serverkey_password; /*!< Server key decryption password string */
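Review bot: The new note at L79-L80 and the size comments should say NUL terminator (the character) rather than NULL, and several field comments still point at the legacy names — L118 and L132 say "pointed to by clientcert_pem_buf/clientkey_pem_buf" and L148, L160, L172 say "pointed to by cacert_pem_buf/servercert_pem_buf/serverkey_pem_buf" — while L85 encourages callers to use the `*_buf` names; update them to the primary names so the legacy identifiers appear only on their alias lines. The server-side fields at L141-L174 keep an unconditional "This buffer should be NULL terminated" with no PEM/DER qualifier, whereas the general note at L78-L80 promises PEM or DER for all of them; if the server path accepts DER, qualify those comments as the client fields at L94-L95 do ("in case of PEM"), and if it does not, the general note overstates support and should say so. One caveat worth documenting next to the unions: a designated initializer that names both members of one union (for example `.cacert_pem_buf = a, .cacert_buf = b`) compiles and the last initializer silently wins (GCC only warns under -Woverride-init), so a comment such as `/* set exactly one name per union; both alias the same storage */` would stop a mis-merged configuration from going unnoticed. Both struct definitions extend beyond this hunk.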
assert(ctx != NULL);
esp_tls_cfg_server_t *cfg = (esp_tls_cfg_server_t *)ctx;
ESP_LOGI(TAG, "Server shuts down, releasing SSL context");
- if (cfg->servercert_pem_buf) {
- free((void *)cfg->servercert_pem_buf);
+ if (cfg->servercert_buf) {
+ free((void *)cfg->servercert_buf);
}
- if (cfg->serverkey_pem_buf) {
- free((void *)cfg->serverkey_pem_buf);
+ if (cfg->serverkey_buf) {
+ free((void *)cfg->serverkey_buf);
}
free(cfg);
}
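Review bot: `serverkey_buf` is freed at L187 without being wiped first, so a copy of the server's private key stays readable in freed heap memory until that block is reused; zeroize it before releasing, e.g. `mbedtls_platform_zeroize((void *)cfg->serverkey_buf, cfg->serverkey_bytes);` if mbedtls/platform_util.h is reachable from this file, or otherwise a volatile-qualified memset loop, since a plain memset immediately before free may be optimized away. The `if (cfg->...)` guards at L181 and L186 are redundant because free(NULL) is a no-op, though harmless. The enclosing function begins before L176.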
if (!cfg) {
return NULL;
}
- cfg->servercert_pem_buf = (unsigned char *)malloc(config->cacert_len);
- if (!cfg->servercert_pem_buf) {
+ cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
+ if (!cfg->servercert_buf) {
free(cfg);
return NULL;
}
- memcpy((char *)cfg->servercert_pem_buf, config->cacert_pem, config->cacert_len);
- cfg->servercert_pem_bytes = config->cacert_len;
+ memcpy((char *)cfg->servercert_buf, config->cacert_pem, config->cacert_len);
+ cfg->servercert_bytes = config->cacert_len;
- cfg->serverkey_pem_buf = (unsigned char *)malloc(config->prvtkey_len);
- if (!cfg->serverkey_pem_buf) {
- free((void *)cfg->servercert_pem_buf);
+ cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
+ if (!cfg->serverkey_buf) {
+ free((void *)cfg->servercert_buf);
free(cfg);
return NULL;
}
- memcpy((char *)cfg->serverkey_pem_buf, config->prvtkey_pem, config->prvtkey_len);
- cfg->serverkey_pem_bytes = config->prvtkey_len;
+ memcpy((char *)cfg->serverkey_buf, config->prvtkey_pem, config->prvtkey_len);
+ cfg->serverkey_bytes = config->prvtkey_len;
return cfg;
}
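Review bot: The copies at L203 and L216 read from `config->cacert_pem` and `config->prvtkey_pem` without checking the source pointers, so a config whose length is non-zero but whose pointer is NULL would pass the malloc checks and then memcpy from NULL, which is undefined behavior; if those fields are validated before this function (outside the hunk), a comment saying so is enough, otherwise add `if (!config->cacert_pem || !config->prvtkey_pem) { free(cfg); return NULL; }` ahead of the allocations. The lengths are also passed straight through as `servercert_bytes`/`serverkey_bytes` (L204, L217), which for PEM input must include the terminating NUL per the new header note, so the `cacert_len`/`prvtkey_len` documentation on the source config should state that explicitly. The function starts before L191.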
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
- ssl->cfg.cacert_pem_buf = (void *)data;
- ssl->cfg.cacert_pem_bytes = len;
+ ssl->cfg.cacert_buf = (void *)data;
+ ssl->cfg.cacert_bytes = len;
}
}
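Review bot: The setter keeps the caller's pointer (`(void *)data` at L225) rather than copying it, so the buffer must stay valid — and, for PEM, NUL-terminated with the terminator counted in `len` — for the lifetime of the transport, and nothing in the hunk documents that ownership; if `data` is declared const, the `(void *)` cast also discards that qualifier, which is acceptable only because the config field is never written through. Add a comment above the assignment such as `/* stores the pointer; caller owns the buffer and must keep it alive until the transport is destroyed */`. The client-cert and client-key setters at L229-L246 have the same shape and the same caveat applies there; the function signature is above L220, outside the hunk.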
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
- ssl->cfg.clientcert_pem_buf = (void *)data;
- ssl->cfg.clientcert_pem_bytes = len;
+ ssl->cfg.clientcert_buf = (void *)data;
+ ssl->cfg.clientcert_bytes = len;
}
}
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
- ssl->cfg.clientkey_pem_buf = (void *)data;
- ssl->cfg.clientkey_pem_bytes = len;
+ ssl->cfg.clientkey_buf = (void *)data;
+ ssl->cfg.clientkey_bytes = len;
}
}
while(1) {
esp_tls_cfg_t cfg = {
- .cacert_pem_buf = server_root_cert_pem_start,
- .cacert_pem_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
+ .cacert_buf = server_root_cert_pem_start,
+ .cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
};
struct esp_tls *tls = esp_tls_conn_http_new(WEB_URL, &cfg);
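Review bot: The example computes `cacert_bytes` as `server_root_cert_pem_end - server_root_cert_pem_start` (L252) for a PEM certificate, which only satisfies the new requirement that the size include the NUL terminator if the embedded blob is NUL-terminated and the `_end` symbol points past that byte; that is presumably how the build embeds text files, but a raw binary embed would leave the buffer unterminated and the PEM parser reading past it. A one-line comment, `/* embedded as text: the NUL terminator is part of the blob, so _end - _start includes it */`, would make the dependency explicit for readers copying this example. The enclosing loop and function continue past L254.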