Example Configuration ->
1. Target Domain : the domain that you want to connect to, and default is "www.baidu.com".
2. Target port number : the port number of the target domain, and default is 443.
- 3. WiFi SSID : you own wifi, which is connected to the Internet, and default is "myssid".
- 4. WiFi Password : wifi password, and default is "mypassword"
+ 3. WIFI SSID : your own WIFI, which is connected to the Internet, and default is "myssid".
+ 4. WIFI Password : WIFI password, and default is "mypassword"
If you want to test the OpenSSL client demo:
1. compile the code and load the firmware
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD\r
-//\r
-// Licensed under the Apache License, Version 2.0 (the "License");\r
-// you may not use this file except in compliance with the License.\r
-// You may obtain a copy of the License at\r
-\r
-// http://www.apache.org/licenses/LICENSE-2.0\r
-//\r
-// Unless required by applicable law or agreed to in writing, software\r
-// distributed under the License is distributed on an "AS IS" BASIS,\r
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-// See the License for the specific language governing permissions and\r
-// limitations under the License.\r
-\r
-#include "openssl_client.h"\r
-\r
-#include <string.h>\r
-\r
-#include "openssl/ssl.h"\r
-\r
-#include "freertos/FreeRTOS.h"\r
-#include "freertos/task.h"\r
-#include "freertos/event_groups.h"\r
-\r
-#include "esp_types.h"\r
-#include "esp_log.h"\r
-#include "esp_system.h"\r
-#include "esp_wifi.h"\r
-#include "esp_event_loop.h"\r
-#include "esp_log.h"\r
-\r
-#include "nvs_flash.h"\r
-#include "tcpip_adapter.h"\r
-\r
-#include "lwip/sockets.h"\r
-#include "lwip/netdb.h"\r
-\r
-static EventGroupHandle_t wifi_event_group;\r
-\r
-/* The event group allows multiple bits for each event,\r
- but we only care about one event - are we connected\r
- to the AP with an IP? */\r
-const static int CONNECTED_BIT = BIT0;\r
-\r
-const static char *TAG = "Openssl_demo";\r
-\r
-void openssl_demo_thread(void *p)\r
-{\r
- int ret;\r
- SSL_CTX *ctx;\r
- SSL *ssl;\r
- int socket;\r
- struct sockaddr_in sock_addr;\r
- struct hostent *hp;\r
- struct ip4_addr *ip4_addr;\r
- \r
- int recv_bytes = 0;\r
- char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];\r
- \r
- const char send_data[] = OPENSSL_DEMO_REQUEST;\r
- const int send_bytes = sizeof(send_data);\r
-\r
- ESP_LOGI(TAG, "OpenSSL demo thread start OK");\r
-\r
- ESP_LOGI(TAG, "get target IP address");\r
- hp = gethostbyname(OPENSSL_DEMO_TARGET_NAME);\r
- if (!hp) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed1;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ip4_addr = (struct ip4_addr *)hp->h_addr;\r
- ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));\r
-\r
- ESP_LOGI(TAG, "create SSL context ......");\r
- ctx = SSL_CTX_new(TLSv1_1_client_method());\r
- if (!ctx) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed1;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "create socket ......");\r
- socket = socket(AF_INET, SOCK_STREAM, 0);\r
- if (socket < 0) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed2;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "bind socket ......");\r
- memset(&sock_addr, 0, sizeof(sock_addr));\r
- sock_addr.sin_family = AF_INET;\r
- sock_addr.sin_addr.s_addr = 0;\r
- sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);\r
- ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));\r
- if (ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME);\r
- memset(&sock_addr, 0, sizeof(sock_addr));\r
- sock_addr.sin_family = AF_INET;\r
- sock_addr.sin_addr.s_addr = ip4_addr->addr;\r
- sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);\r
- ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));\r
- if (ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "create SSL ......");\r
- ssl = SSL_new(ctx);\r
- if (!ssl) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- SSL_set_fd(ssl, socket);\r
-\r
- ESP_LOGI(TAG, "SSL connected to %s port %d ......",\r
- OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);\r
- ret = SSL_connect(ssl);\r
- if (!ret) {\r
- ESP_LOGI(TAG, "failed " );\r
- goto failed4;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "send https request to %s port %d ......",\r
- OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);\r
- ret = SSL_write(ssl, send_data, send_bytes);\r
- if (ret <= 0) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed5;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- do {\r
- ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);\r
- if (ret <= 0) {\r
- break;\r
- }\r
- recv_bytes += ret;\r
- ESP_LOGI(TAG, "%s", recv_buf);\r
- } while (1);\r
- \r
- ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_DEMO_TARGET_NAME);\r
-\r
-failed5:\r
- SSL_shutdown(ssl);\r
-failed4:\r
- SSL_free(ssl);\r
- ssl = NULL;\r
-failed3:\r
- close(socket);\r
- socket = -1;\r
-failed2:\r
- SSL_CTX_free(ctx);\r
- ctx = NULL;\r
-failed1:\r
- vTaskDelete(NULL);\r
- return ;\r
-}\r
-\r
-static void openssl_client_init(void)\r
-{\r
- int ret;\r
- xTaskHandle openssl_handle;\r
-\r
- ret = xTaskCreate(openssl_demo_thread,\r
- OPENSSL_DEMO_THREAD_NAME,\r
- OPENSSL_DEMO_THREAD_STACK_WORDS,\r
- NULL,\r
- OPENSSL_DEMO_THREAD_PRORIOTY,\r
- &openssl_handle); \r
-\r
- if (ret != pdPASS) {\r
- ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);\r
- }\r
-}\r
-\r
-static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)\r
-{\r
- switch(event->event_id) {\r
- case SYSTEM_EVENT_STA_START:\r
- esp_wifi_connect();\r
- break;\r
- case SYSTEM_EVENT_STA_GOT_IP:\r
- xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);\r
- openssl_client_init();\r
- break;\r
- case SYSTEM_EVENT_STA_DISCONNECTED:\r
- /* This is a workaround as ESP32 WiFi libs don't currently\r
- auto-reassociate. */\r
- esp_wifi_connect(); \r
- xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);\r
- break;\r
- default:\r
- break;\r
- }\r
- return ESP_OK;\r
-}\r
-\r
-static void wifi_conn_init(void)\r
-{\r
- tcpip_adapter_init();\r
- wifi_event_group = xEventGroupCreate();\r
- ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );\r
- wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();\r
- ESP_ERROR_CHECK( esp_wifi_init(&cfg) );\r
- ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );\r
- wifi_config_t wifi_config = {\r
- .sta = {\r
- .ssid = EXAMPLE_WIFI_SSID,\r
- .password = EXAMPLE_WIFI_PASS,\r
- },\r
- };\r
- ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );\r
- ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );\r
- ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);\r
- ESP_ERROR_CHECK( esp_wifi_start() );\r
-}\r
-\r
-void app_main(void)\r
-{\r
- nvs_flash_init();\r
- wifi_conn_init();\r
-}\r
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "openssl_client.h"
+
+#include <string.h>
+
+#include "openssl/ssl.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/event_groups.h"
+
+#include "esp_log.h"
+#include "esp_wifi.h"
+#include "esp_event_loop.h"
+
+#include "nvs_flash.h"
+
+#include "lwip/sockets.h"
+#include "lwip/netdb.h"
+
+static EventGroupHandle_t wifi_event_group;
+
+/* The event group allows multiple bits for each event,
+ but we only care about one event - are we connected
+ to the AP with an IP? */
+const static int CONNECTED_BIT = BIT0;
+
+const static char *TAG = "Openssl_demo";
+
+void openssl_demo_thread(void *p)
+{
+ int ret;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ int socket;
+ struct sockaddr_in sock_addr;
+ struct hostent *hp;
+ struct ip4_addr *ip4_addr;
+
+ int recv_bytes = 0;
+ char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
+
+ const char send_data[] = OPENSSL_DEMO_REQUEST;
+ const int send_bytes = sizeof(send_data);
+
+ ESP_LOGI(TAG, "OpenSSL demo thread start OK");
+
+ ESP_LOGI(TAG, "get target IP address");
+ hp = gethostbyname(OPENSSL_DEMO_TARGET_NAME);
+ if (!hp) {
+ ESP_LOGI(TAG, "failed");
+ goto failed1;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ip4_addr = (struct ip4_addr *)hp->h_addr;
+ ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
+
+ ESP_LOGI(TAG, "create SSL context ......");
+ ctx = SSL_CTX_new(TLSv1_1_client_method());
+ if (!ctx) {
+ ESP_LOGI(TAG, "failed");
+ goto failed1;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "create socket ......");
+ socket = socket(AF_INET, SOCK_STREAM, 0);
+ if (socket < 0) {
+ ESP_LOGI(TAG, "failed");
+ goto failed2;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "bind socket ......");
+ memset(&sock_addr, 0, sizeof(sock_addr));
+ sock_addr.sin_family = AF_INET;
+ sock_addr.sin_addr.s_addr = 0;
+ sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
+ ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
+ if (ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_DEMO_TARGET_NAME);
+ memset(&sock_addr, 0, sizeof(sock_addr));
+ sock_addr.sin_family = AF_INET;
+ sock_addr.sin_addr.s_addr = ip4_addr->addr;
+ sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
+ ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
+ if (ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "create SSL ......");
+ ssl = SSL_new(ctx);
+ if (!ssl) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ SSL_set_fd(ssl, socket);
+
+ ESP_LOGI(TAG, "SSL connected to %s port %d ......",
+ OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
+ ret = SSL_connect(ssl);
+ if (!ret) {
+ ESP_LOGI(TAG, "failed " );
+ goto failed4;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "send https request to %s port %d ......",
+ OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
+ ret = SSL_write(ssl, send_data, send_bytes);
+ if (ret <= 0) {
+ ESP_LOGI(TAG, "failed");
+ goto failed5;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ do {
+ ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
+ if (ret <= 0) {
+ break;
+ }
+ recv_bytes += ret;
+ ESP_LOGI(TAG, "%s", recv_buf);
+ } while (1);
+
+ ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_DEMO_TARGET_NAME);
+
+failed5:
+ SSL_shutdown(ssl);
+failed4:
+ SSL_free(ssl);
+ ssl = NULL;
+failed3:
+ close(socket);
+ socket = -1;
+failed2:
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+failed1:
+ vTaskDelete(NULL);
+ return ;
+}
+
+static void openssl_client_init(void)
+{
+ int ret;
+ xTaskHandle openssl_handle;
+
+ ret = xTaskCreate(openssl_demo_thread,
+ OPENSSL_DEMO_THREAD_NAME,
+ OPENSSL_DEMO_THREAD_STACK_WORDS,
+ NULL,
+ OPENSSL_DEMO_THREAD_PRORIOTY,
+ &openssl_handle);
+
+ if (ret != pdPASS) {
+ ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);
+ }
+}
+
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
+{
+ switch(event->event_id) {
+ case SYSTEM_EVENT_STA_START:
+ esp_wifi_connect();
+ break;
+ case SYSTEM_EVENT_STA_GOT_IP:
+ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+ openssl_client_init();
+ break;
+ case SYSTEM_EVENT_STA_DISCONNECTED:
+ /* This is a workaround as ESP32 WiFi libs don't currently
+ auto-reassociate. */
+ esp_wifi_connect();
+ xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+ break;
+ default:
+ break;
+ }
+ return ESP_OK;
+}
+
+static void wifi_conn_init(void)
+{
+ tcpip_adapter_init();
+ wifi_event_group = xEventGroupCreate();
+ ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );
+ wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+ ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
+ ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
+ wifi_config_t wifi_config = {
+ .sta = {
+ .ssid = EXAMPLE_WIFI_SSID,
+ .password = EXAMPLE_WIFI_PASS,
+ },
+ };
+ ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
+ ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+ ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);
+ ESP_ERROR_CHECK( esp_wifi_start() );
+}
+
+void app_main(void)
+{
+ nvs_flash_init();
+ wifi_conn_init();
+}
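Review bot: The read loop logs `recv_buf` with `"%s"` after `SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1)` but never terminates it, so the log call can run past the received bytes into uninitialised stack data; add `recv_buf[ret] = '\0';` before `ESP_LOGI(TAG, "%s", recv_buf);`. In `wifi_conn_init` the line printing `password:[%s]` writes the WiFi passphrase to the console log; log only the SSID, e.g. `ESP_LOGI(TAG, "start the WIFI SSID:[%s]", EXAMPLE_WIFI_SSID);`. The same line appears in `wifi_conn_init` of the server file. Nothing between `SSL_CTX_new(TLSv1_1_client_method())` and `SSL_connect(ssl)` sets up peer verification or a CA, so as far as this hunk shows the server certificate is not authenticated. A comment stating that, or `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` with a loaded CA certificate, would stop the demo being copied as a secure client.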
First you should configure the project by "make menuconfig":
Example Configuration ->
- 1. WiFi SSID: WiFi network to which your PC is also connected to.
- 1. WiFi Password: wifi password
+ 1. WIFI SSID: WIFI network to which your PC is also connected to.
+ 1. WIFI Password: WIFI password
IF you want to test the OpenSSL server demo:
1. compile the code and load the firmware
Note:
The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves.
- You can alse create your own private key and ceritification by "openssl at ubuntu or others".
+ You can alse create your own private key and ceritification by "openssl at ubuntu or others".
+ We have the document of "ESP8266_SDKSSL_User_Manual_EN_v1.4.pdf" at "http://www.espressif.com/en/support/download/documents". By it you can gernerate the private key and certification with the fomate of ".pem"
See the README.md file in the upper level 'examples' directory for more information about examples.
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD\r
-//\r
-// Licensed under the Apache License, Version 2.0 (the "License");\r
-// you may not use this file except in compliance with the License.\r
-// You may obtain a copy of the License at\r
-\r
-// http://www.apache.org/licenses/LICENSE-2.0\r
-//\r
-// Unless required by applicable law or agreed to in writing, software\r
-// distributed under the License is distributed on an "AS IS" BASIS,\r
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-// See the License for the specific language governing permissions and\r
-// limitations under the License.\r
-\r
-#include "openssl_server.h"\r
-\r
-#include <string.h>\r
-\r
-#include "openssl/ssl.h"\r
-\r
-#include "freertos/FreeRTOS.h"\r
-#include "freertos/task.h"\r
-#include "freertos/event_groups.h"\r
-\r
-#include "esp_types.h"\r
-#include "esp_log.h"\r
-#include "esp_system.h"\r
-#include "esp_wifi.h"\r
-#include "esp_event_loop.h"\r
-#include "esp_log.h"\r
-\r
-#include "nvs_flash.h"\r
-#include "tcpip_adapter.h"\r
-\r
-#include "lwip/sockets.h"\r
-#include "lwip/netdb.h"\r
-\r
-static EventGroupHandle_t wifi_event_group;\r
-\r
-/* The event group allows multiple bits for each event,\r
- but we only care about one event - are we connected\r
- to the AP with an IP? */\r
-const static int CONNECTED_BIT = BIT0;\r
-\r
-const static char *TAG = "Openssl_demo";\r
-\r
-#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \\r
- "Content-Type: text/html\r\n" \\r
- "Content-Length: 98\r\n" \\r
- "<html>\r\n" \\r
- "<head>\r\n" \\r
- "<title>OpenSSL demo</title></head><body>\r\n" \\r
- "OpenSSL server demo!\r\n" \\r
- "</body>\r\n" \\r
- "</html>\r\n"\r
-\r
-static void openssl_demo_thread(void *p)\r
-{\r
- int ret;\r
-\r
- SSL_CTX *ctx;\r
- SSL *ssl;\r
-\r
- int socket, new_socket;\r
- socklen_t addr_len;\r
- struct sockaddr_in sock_addr;\r
-\r
- char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];\r
-\r
- const char send_data[] = OPENSSL_DEMO_SERVER_ACK;\r
- const int send_bytes = sizeof(send_data);\r
-\r
- extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");\r
- extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");\r
- const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;\r
-\r
- extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");\r
- extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");\r
- const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; \r
-\r
- ESP_LOGI(TAG, "SSL server context create ......");\r
- ctx = SSL_CTX_new(SSLv3_server_method());\r
- if (!ctx) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed1;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server context set own certification......");\r
- ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);\r
- if (!ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed2;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server context set private key......");\r
- ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);\r
- if (!ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed2;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server create socket ......");\r
- socket = socket(AF_INET, SOCK_STREAM, 0);\r
- if (socket < 0) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed2;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server socket bind ......");\r
- memset(&sock_addr, 0, sizeof(sock_addr));\r
- sock_addr.sin_family = AF_INET;\r
- sock_addr.sin_addr.s_addr = 0;\r
- sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);\r
- ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));\r
- if (ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server socket listen ......");\r
- ret = listen(socket, 32);\r
- if (ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
-reconnect:\r
- ESP_LOGI(TAG, "SSL server create ......");\r
- ssl = SSL_new(ctx);\r
- if (!ssl) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed3;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server socket accept client ......");\r
- new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len);\r
- if (new_socket < 0) {\r
- ESP_LOGI(TAG, "failed" );\r
- goto failed4;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- SSL_set_fd(ssl, new_socket);\r
-\r
- ESP_LOGI(TAG, "SSL server accept client ......");\r
- ret = SSL_accept(ssl);\r
- if (!ret) {\r
- ESP_LOGI(TAG, "failed");\r
- goto failed5;\r
- }\r
- ESP_LOGI(TAG, "OK");\r
-\r
- ESP_LOGI(TAG, "SSL server read message ......");\r
- do {\r
- memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN);\r
- ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);\r
- if (ret <= 0) {\r
- break;\r
- }\r
- if (strstr(recv_buf, "GET / HTTP/1.1")) {\r
- SSL_write(ssl, send_data, send_bytes);\r
- break;\r
- }\r
- } while (1);\r
- \r
- ESP_LOGI(TAG, "result %d", ret);\r
-\r
- SSL_shutdown(ssl);\r
-failed5:\r
- close(new_socket);\r
- new_socket = -1;\r
-failed4:\r
- SSL_free(ssl);\r
- ssl = NULL;\r
- goto reconnect;\r
-failed3:\r
- close(socket);\r
- socket = -1;\r
-failed2:\r
- SSL_CTX_free(ctx);\r
- ctx = NULL;\r
-failed1:\r
- vTaskDelete(NULL);\r
- return ;\r
-} \r
-\r
-static void openssl_client_init(void)\r
-{\r
- int ret;\r
- xTaskHandle openssl_handle;\r
-\r
- ret = xTaskCreate(openssl_demo_thread,\r
- OPENSSL_DEMO_THREAD_NAME,\r
- OPENSSL_DEMO_THREAD_STACK_WORDS,\r
- NULL,\r
- OPENSSL_DEMO_THREAD_PRORIOTY,\r
- &openssl_handle); \r
-\r
- if (ret != pdPASS) {\r
- ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);\r
- }\r
-}\r
-\r
-static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)\r
-{\r
- switch(event->event_id) {\r
- case SYSTEM_EVENT_STA_START:\r
- esp_wifi_connect();\r
- break;\r
- case SYSTEM_EVENT_STA_GOT_IP:\r
- xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);\r
- openssl_client_init();\r
- break;\r
- case SYSTEM_EVENT_STA_DISCONNECTED:\r
- /* This is a workaround as ESP32 WiFi libs don't currently\r
- auto-reassociate. */\r
- esp_wifi_connect(); \r
- xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);\r
- break;\r
- default:\r
- break;\r
- }\r
- return ESP_OK;\r
-}\r
-\r
-static void wifi_conn_init(void)\r
-{\r
- tcpip_adapter_init();\r
- wifi_event_group = xEventGroupCreate();\r
- ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );\r
- wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();\r
- ESP_ERROR_CHECK( esp_wifi_init(&cfg) );\r
- ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );\r
- wifi_config_t wifi_config = {\r
- .sta = {\r
- .ssid = EXAMPLE_WIFI_SSID,\r
- .password = EXAMPLE_WIFI_PASS,\r
- },\r
- };\r
- ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );\r
- ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );\r
- ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);\r
- ESP_ERROR_CHECK( esp_wifi_start() );\r
-}\r
-\r
-void app_main(void)\r
-{\r
- nvs_flash_init();\r
- wifi_conn_init();\r
-}\r
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "openssl_server.h"
+
+#include <string.h>
+
+#include "openssl/ssl.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/event_groups.h"
+
+#include "esp_log.h"
+#include "esp_wifi.h"
+#include "esp_event_loop.h"
+
+#include "nvs_flash.h"
+
+#include "lwip/sockets.h"
+#include "lwip/netdb.h"
+
+static EventGroupHandle_t wifi_event_group;
+
+/* The event group allows multiple bits for each event,
+ but we only care about one event - are we connected
+ to the AP with an IP? */
+const static int CONNECTED_BIT = BIT0;
+
+const static char *TAG = "Openssl_demo";
+
+#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
+ "Content-Type: text/html\r\n" \
+ "Content-Length: 98\r\n" \
+ "<html>\r\n" \
+ "<head>\r\n" \
+ "<title>OpenSSL demo</title></head><body>\r\n" \
+ "OpenSSL server demo!\r\n" \
+ "</body>\r\n" \
+ "</html>\r\n"
+
+static void openssl_demo_thread(void *p)
+{
+ int ret;
+
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ int socket, new_socket;
+ socklen_t addr_len;
+ struct sockaddr_in sock_addr;
+
+ char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
+
+ const char send_data[] = OPENSSL_DEMO_SERVER_ACK;
+ const int send_bytes = sizeof(send_data);
+
+ extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+ extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
+ const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+
+ extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
+ extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
+ const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
+
+ ESP_LOGI(TAG, "SSL server context create ......");
+ ctx = SSL_CTX_new(SSLv3_server_method());
+ if (!ctx) {
+ ESP_LOGI(TAG, "failed");
+ goto failed1;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server context set own certification......");
+ ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
+ if (!ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed2;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server context set private key......");
+ ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
+ if (!ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed2;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server create socket ......");
+ socket = socket(AF_INET, SOCK_STREAM, 0);
+ if (socket < 0) {
+ ESP_LOGI(TAG, "failed");
+ goto failed2;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server socket bind ......");
+ memset(&sock_addr, 0, sizeof(sock_addr));
+ sock_addr.sin_family = AF_INET;
+ sock_addr.sin_addr.s_addr = 0;
+ sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
+ ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
+ if (ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server socket listen ......");
+ ret = listen(socket, 32);
+ if (ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+reconnect:
+ ESP_LOGI(TAG, "SSL server create ......");
+ ssl = SSL_new(ctx);
+ if (!ssl) {
+ ESP_LOGI(TAG, "failed");
+ goto failed3;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server socket accept client ......");
+ new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len);
+ if (new_socket < 0) {
+ ESP_LOGI(TAG, "failed" );
+ goto failed4;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ SSL_set_fd(ssl, new_socket);
+
+ ESP_LOGI(TAG, "SSL server accept client ......");
+ ret = SSL_accept(ssl);
+ if (!ret) {
+ ESP_LOGI(TAG, "failed");
+ goto failed5;
+ }
+ ESP_LOGI(TAG, "OK");
+
+ ESP_LOGI(TAG, "SSL server read message ......");
+ do {
+ memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN);
+ ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
+ if (ret <= 0) {
+ break;
+ }
+ if (strstr(recv_buf, "GET / HTTP/1.1")) {
+ SSL_write(ssl, send_data, send_bytes);
+ break;
+ }
+ } while (1);
+
+ ESP_LOGI(TAG, "result %d", ret);
+
+ SSL_shutdown(ssl);
+failed5:
+ close(new_socket);
+ new_socket = -1;
+failed4:
+ SSL_free(ssl);
+ ssl = NULL;
+ goto reconnect;
+failed3:
+ close(socket);
+ socket = -1;
+failed2:
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+failed1:
+ vTaskDelete(NULL);
+ return ;
+}
+
+static void openssl_client_init(void)
+{
+ int ret;
+ xTaskHandle openssl_handle;
+
+ ret = xTaskCreate(openssl_demo_thread,
+ OPENSSL_DEMO_THREAD_NAME,
+ OPENSSL_DEMO_THREAD_STACK_WORDS,
+ NULL,
+ OPENSSL_DEMO_THREAD_PRORIOTY,
+ &openssl_handle);
+
+ if (ret != pdPASS) {
+ ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);
+ }
+}
+
+static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
+{
+ switch(event->event_id) {
+ case SYSTEM_EVENT_STA_START:
+ esp_wifi_connect();
+ break;
+ case SYSTEM_EVENT_STA_GOT_IP:
+ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+ openssl_client_init();
+ break;
+ case SYSTEM_EVENT_STA_DISCONNECTED:
+ /* This is a workaround as ESP32 WiFi libs don't currently
+ auto-reassociate. */
+ esp_wifi_connect();
+ xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+ break;
+ default:
+ break;
+ }
+ return ESP_OK;
+}
+
+static void wifi_conn_init(void)
+{
+ tcpip_adapter_init();
+ wifi_event_group = xEventGroupCreate();
+ ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );
+ wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+ ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
+ ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
+ wifi_config_t wifi_config = {
+ .sta = {
+ .ssid = EXAMPLE_WIFI_SSID,
+ .password = EXAMPLE_WIFI_PASS,
+ },
+ };
+ ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
+ ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+ ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);
+ ESP_ERROR_CHECK( esp_wifi_start() );
+}
+
+void app_main(void)
+{
+ nvs_flash_init();
+ wifi_conn_init();
+}
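Review bot: `SSL_CTX_new(SSLv3_server_method())` pins the server to SSLv3, an obsolete protocol version with known weaknesses such as POODLE; use a TLS method instead, e.g. `ctx = SSL_CTX_new(TLSv1_2_server_method());`, assuming the bundled OpenSSL layer provides it. `addr_len` is passed to `accept()` uninitialised although the call reads it as the size of the address buffer; set `addr_len = sizeof(sock_addr);` just before `accept()` after the `reconnect:` label. `OPENSSL_DEMO_SERVER_ACK` has no empty `"\r\n"` line between the `Content-Length` header and `<html>`, so a client may parse the body as header lines. `sizeof(send_data)` also counts the trailing NUL, which is then sent on the wire.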