coap: refactor examples, stylistic cleanups, move certs to independent dir
authorMahavir Jain <mahavir@espressif.com>
Wed, 31 Jul 2019 10:52:49 +0000 (16:22 +0530)
committerMahavir Jain <mahavir@espressif.com>
Tue, 6 Aug 2019 05:07:41 +0000 (10:37 +0530)
14 files changed:
examples/protocols/coap_client/README.md
examples/protocols/coap_client/main/CMakeLists.txt
examples/protocols/coap_client/main/certs/coap_ca.pem [moved from examples/protocols/coap_client/main/coap_ca.pem with 100% similarity]
examples/protocols/coap_client/main/certs/coap_client.crt [moved from examples/protocols/coap_client/main/coap_client.crt with 100% similarity]
examples/protocols/coap_client/main/certs/coap_client.key [moved from examples/protocols/coap_client/main/coap_client.key with 100% similarity]
examples/protocols/coap_client/main/coap_client_example_main.c
examples/protocols/coap_client/main/component.mk
examples/protocols/coap_server/README.md
examples/protocols/coap_server/main/CMakeLists.txt
examples/protocols/coap_server/main/certs/coap_ca.pem [moved from examples/protocols/coap_server/main/coap_ca.pem with 100% similarity]
examples/protocols/coap_server/main/certs/coap_server.crt [moved from examples/protocols/coap_server/main/coap_server.crt with 100% similarity]
examples/protocols/coap_server/main/certs/coap_server.key [moved from examples/protocols/coap_server/main/coap_server.key with 100% similarity]
examples/protocols/coap_server/main/coap_server_example_main.c
examples/protocols/coap_server/main/component.mk

index 7c317dddda3bdf205d46a58f188a78750d68f47f..a870f9363ef0c0fb43c2e76218b13b22ffae18cd 100644 (file)
@@ -37,17 +37,12 @@ Example Connection Configuration  --->
  * Set WiFi Password under Example Configuration
 Example CoAP Client Configuration  --->
  * Set CoAP Target Uri
- * Set encryption method definitions (None, PSK or PKI)
-  * If PSK Set CoAP Preshared Key to use in connection to the server
-  * If PSK Set CoAP PSK Client identity (username)
- Enable CoAP debugging if required
+ * If PSK, Set CoAP Preshared Key to use in connection to the server
+ * If PSK, Set CoAP PSK Client identity (username)
 Component config  --->
- mbedTLS  --->
-  [*]   Enable mbedtls certificate expiry check
-       TLS Key Exchange Methods  --->
-        [*] Enable pre-shared-key ciphersuites
-        [*]   Enable PSK based ciphersuite modes
-  [*] Support DTLS protocol (all versions)
+  CoAP Configuration  --->
+    * Set encryption method definition, PSK (default) or PKI
+    * Enable CoAP debugging if required
 
 ### Build and Flash
 
@@ -103,6 +98,4 @@ optional `path`, and begins with `coap://`, `coaps://` or `coap+tcp://`
 for a coap server that supports TCP
 (not all do including coap+tcp://californium.eclipse.org).
 
-* CoAP logging can be enabled by running 'make menuconfig' and enable debugging
-
-* Encryption (MbedTLS) can be enabled by running 'make menuconfig' and enable debugging
+* CoAP logging can be enabled by running 'idf.py menuconfig -> Component config -> CoAP Configuration' and setting appropriate log level
index eb0d270668bfbf39f1fe9cada258b2bba87ab344..d64daaee2a8e917c9fa10bd8a539c6514a969e45 100644 (file)
@@ -1,4 +1,4 @@
 # Embed CA, certificate & key directly into binary
 idf_component_register(SRCS "coap_client_example_main.c"
                     INCLUDE_DIRS "."
-                    EMBED_TXTFILES coap_ca.pem coap_client.crt coap_client.key)
+                    EMBED_TXTFILES certs/coap_ca.pem certs/coap_client.crt certs/coap_client.key)
index 067364a73688544aa63b0543d28ed42fc4d977f0..c7223bc0e6e8c9d1cf7802156ea430d5d5235ccf 100644 (file)
@@ -17,6 +17,7 @@
 #include <string.h>
 #include <sys/socket.h>
 #include <netdb.h>
+#include <sys/param.h>
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
@@ -49,8 +50,8 @@
    instead of coap:// and the PSK must be one that the server supports
    (potentially associated with the IDENTITY)
 */
-#define EXAMPLE_COAP_PSK_KEY CONFIG_COAP_PSK_KEY
-#define EXAMPLE_COAP_PSK_IDENTITY CONFIG_COAP_PSK_IDENTITY
+#define EXAMPLE_COAP_PSK_KEY CONFIG_EXAMPLE_COAP_PSK_KEY
+#define EXAMPLE_COAP_PSK_IDENTITY CONFIG_EXAMPLE_COAP_PSK_IDENTITY
 
 /* The examples use uri Logging Level that
    you can set via 'make menuconfig'.
@@ -65,9 +66,9 @@
    you can set via the project configuration (idf.py menuconfig)
 
    If you'd rather not, just change the below entries to strings with
-   the config you want - ie #define COAP_DEFAULT_DEMO_URI "coap://californium.eclipse.org"
+   the config you want - ie #define COAP_DEFAULT_DEMO_URI "coaps://californium.eclipse.org"
 */
-#define COAP_DEFAULT_DEMO_URI CONFIG_TARGET_DOMAIN_URI
+#define COAP_DEFAULT_DEMO_URI CONFIG_EXAMPLE_TARGET_DOMAIN_URI
 
 const static char *TAG = "CoAP_client";
 
@@ -75,11 +76,30 @@ static int resp_wait = 1;
 static coap_optlist_t *optlist = NULL;
 static int wait_ms;
 
+#ifdef CONFIG_COAP_MBEDTLS_PKI
+/* CA cert, taken from coap_ca.pem
+   Client cert, taken from coap_client.crt
+   Client key, taken from coap_client.key
+
+   The PEM, CRT and KEY file are examples taken from the wpa2 enterprise
+   example.
+
+   To embed it in the app binary, the PEM, CRT and KEY file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+ */
+extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
+extern uint8_t ca_pem_end[]   asm("_binary_coap_ca_pem_end");
+extern uint8_t client_crt_start[] asm("_binary_coap_client_crt_start");
+extern uint8_t client_crt_end[]   asm("_binary_coap_client_crt_end");
+extern uint8_t client_key_start[] asm("_binary_coap_client_key_start");
+extern uint8_t client_key_end[]   asm("_binary_coap_client_key_end");
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
+
 static void message_handler(coap_context_t *ctx, coap_session_t *session,
-              coap_pdu_t *sent, coap_pdu_t *received,
-                const coap_tid_t id)
+                            coap_pdu_t *sent, coap_pdu_t *received,
+                            const coap_tid_t id)
 {
-    unsigned chardata = NULL;
+    unsigned char *data = NULL;
     size_t data_len;
     coap_pdu_t *pdu = NULL;
     coap_opt_t *block_opt;
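Review bot: The comment added above the `extern` declarations still points only at component.mk's COMPONENT_EMBED_TXTFILES, although this commit also lists the files under `EMBED_TXTFILES` in CMakeLists.txt and moves them into `certs/`. It also does not say that the embedded private key is an example credential shipped in the source tree. I would extend it with `/* Embedded from main/certs/ via EMBED_TXTFILES (CMake) or COMPONENT_EMBED_TXTFILES (make). */` and `/* Example credentials only: replace the CA, certificate and key before deploying. */`. The same comment is added in coap_server_example_main.c for the server certificate and key. message_handler's body continues outside the hunk.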
@@ -106,8 +126,8 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session,
                 /* create pdu with request for next block */
                 pdu = coap_new_pdu(session);
                 if (!pdu) {
-                     ESP_LOGE(TAG, "coap_new_pdu() failed");
-                     goto clean_up;
+                    ESP_LOGE(TAG, "coap_new_pdu() failed");
+                    goto clean_up;
                 }
                 pdu->type = COAP_MESSAGE_CON;
                 pdu->tid = coap_new_message_id(session);
@@ -121,7 +141,7 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session,
                     case COAP_OPTION_URI_PATH :
                     case COAP_OPTION_URI_QUERY :
                         coap_add_option(pdu, option->number, option->length,
-                                  option->data);
+                                        option->data);
                         break;
                     default:
                         ;     /* skip other options */
@@ -133,8 +153,8 @@ static void message_handler(coap_context_t *ctx, coap_session_t *session,
                 coap_add_option(pdu,
                                 blktype,
                                 coap_encode_var_safe(buf, sizeof(buf),
-                                     ((coap_opt_block_num(block_opt) + 1) << 4) |
-                                      COAP_OPT_BLOCK_SZX(block_opt)), buf);
+                                                     ((coap_opt_block_num(block_opt) + 1) << 4) |
+                                                     COAP_OPT_BLOCK_SZX(block_opt)), buf);
 
                 tid = coap_send(session, pdu);
 
@@ -155,41 +175,31 @@ clean_up:
     resp_wait = 0;
 }
 
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-
-#ifdef __GNUC__
-#define UNUSED_PARAM __attribute__ ((unused))
-#else /* not a GCC */
-#define UNUSED_PARAM
-#endif /* GCC */
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
+#ifdef CONFIG_COAP_MBEDTLS_PKI
 
 static int
 verify_cn_callback(const char *cn,
-                   const uint8_t *asn1_public_cert UNUSED_PARAM,
-                   size_t asn1_length UNUSED_PARAM,
-                   coap_session_t *session UNUSED_PARAM,
+                   const uint8_t *asn1_public_cert,
+                   size_t asn1_length,
+                   coap_session_t *session,
                    unsigned depth,
-                   int validated UNUSED_PARAM,
-                   void *arg UNUSED_PARAM
-) {
-  coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
-           cn, depth ? "CA" : "Certificate");
-  return 1;
+                   int validated,
+                   void *arg
+                  )
+{
+    coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
+             cn, depth ? "CA" : "Certificate");
+    return 1;
 }
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 
 static void coap_example_client(void *p)
 {
     struct hostent *hp;
-
     coap_address_t    dst_addr;
     static coap_uri_t uri;
-    const char*       server_uri = COAP_DEFAULT_DEMO_URI;
-    charphostname = NULL;
+    const char       *server_uri = COAP_DEFAULT_DEMO_URI;
+    char *phostname = NULL;
 
     coap_set_log_level(EXAMPLE_COAP_LOG_DEFAULT_LEVEL);
 
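Review bot: verify_cn_callback returns 1 for every certificate, so the CN it receives is logged but never compared with the host name the client connected to, and the `validated` argument is ignored. In an example that is tolerable only if it is stated; I would add `/* Example only: accepts any CN. Compare cn with the expected host name and return 0 on mismatch in real use. */` above the function. Dropping UNUSED_PARAM also leaves five parameters unused, which may warn under -Wunused-parameter depending on the build flags. The server file receives the same callback in its own hunk. coap_example_client's body continues outside the hunk.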
@@ -209,17 +219,16 @@ static void coap_example_client(void *p)
             break;
         }
 
-        if ((uri.scheme==COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) ||
-            (uri.scheme==COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported())) {
+        if ((uri.scheme == COAP_URI_SCHEME_COAPS && !coap_dtls_is_supported()) ||
+                (uri.scheme == COAP_URI_SCHEME_COAPS_TCP && !coap_tls_is_supported())) {
             ESP_LOGE(TAG, "CoAP server uri scheme is not supported");
             break;
         }
 
         phostname = (char *)calloc(1, uri.host.length + 1);
-
         if (phostname == NULL) {
             ESP_LOGE(TAG, "calloc failed");
-            continue;
+            break;
         }
 
         memcpy(phostname, uri.host.s, uri.host.length);
@@ -230,12 +239,11 @@ static void coap_example_client(void *p)
             ESP_LOGE(TAG, "DNS lookup failed");
             vTaskDelay(1000 / portTICK_PERIOD_MS);
             free(phostname);
-            goto clean_up;
+            continue;
         }
-        {
         char tmpbuf[INET6_ADDRSTRLEN];
-            coap_address_init(&dst_addr);
-            switch (hp->h_addrtype) {
+        coap_address_init(&dst_addr);
+        switch (hp->h_addrtype) {
             case AF_INET:
                 dst_addr.addr.sin.sin_family      = AF_INET;
                 dst_addr.addr.sin.sin_port        = htons(uri.port);
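Review bot: The DNS-failure branch now frees phostname and then `continue`s, leaving the pointer with its stale value. The lines between the memcpy and this branch are outside the hunk, so it cannot be confirmed from here that phostname is released exactly once on each path. If the lookup call is already followed by a free, the `free(phostname);` in this branch is a double free and should be dropped. Otherwise the success path needs its own free, and `phostname = NULL;` after the call would make either mistake harmless.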
@@ -253,7 +261,6 @@ static void coap_example_client(void *p)
             default:
                 ESP_LOGE(TAG, "DNS lookup response failed");
                 goto clean_up;
-            }
         }
 
         if (uri.path.length) {
@@ -263,9 +270,9 @@ static void coap_example_client(void *p)
 
             while (res--) {
                 coap_insert_optlist(&optlist,
-                    coap_new_optlist(COAP_OPTION_URI_PATH,
-                    coap_opt_length(buf),
-                    coap_opt_value(buf)));
+                                    coap_new_optlist(COAP_OPTION_URI_PATH,
+                                                     coap_opt_length(buf),
+                                                     coap_opt_value(buf)));
 
                 buf += coap_opt_size(buf);
             }
@@ -278,9 +285,9 @@ static void coap_example_client(void *p)
 
             while (res--) {
                 coap_insert_optlist(&optlist,
-                    coap_new_optlist(COAP_OPTION_URI_QUERY,
-                    coap_opt_length(buf),
-                    coap_opt_value(buf)));
+                                    coap_new_optlist(COAP_OPTION_URI_QUERY,
+                                                     coap_opt_length(buf),
+                                                     coap_opt_value(buf)));
 
                 buf += coap_opt_size(buf);
             }
@@ -288,8 +295,8 @@ static void coap_example_client(void *p)
 
         ctx = coap_new_context(NULL);
         if (!ctx) {
-           ESP_LOGE(TAG, "coap_new_context() failed");
-           goto clean_up;
+            ESP_LOGE(TAG, "coap_new_context() failed");
+            goto clean_up;
         }
 
         /*
@@ -300,32 +307,16 @@ static void coap_example_client(void *p)
          * so COAP_URI_SCHEME_COAPS_TCP will have failed in a test above,
          * but the code is left in for completeness.
          */
-        if (uri.scheme==COAP_URI_SCHEME_COAPS || uri.scheme==COAP_URI_SCHEME_COAPS_TCP) {
-#ifdef CONFIG_MBEDTLS_COAP_PSK
+        if (uri.scheme == COAP_URI_SCHEME_COAPS || uri.scheme == COAP_URI_SCHEME_COAPS_TCP) {
+#ifdef CONFIG_COAP_MBEDTLS_PSK
             session = coap_new_client_session_psk(ctx, NULL, &dst_addr,
-               uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
-               EXAMPLE_COAP_PSK_IDENTITY,
-               (const uint8_t*)EXAMPLE_COAP_PSK_KEY,
-               sizeof(EXAMPLE_COAP_PSK_KEY)-1);
-#endif /* CONFIG_MBEDTLS_COAP_PSK */
-
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-/* CA cert, taken from coap_ca.pem
-   Client cert, taken from coap_client.crt
-   Client key, taken from coap_client.key
-
-   The PEM, CRT and KEY file are examples taken from the wpa2 enterprise
-   example.
+                                                  uri.scheme == COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
+                                                  EXAMPLE_COAP_PSK_IDENTITY,
+                                                  (const uint8_t *)EXAMPLE_COAP_PSK_KEY,
+                                                  sizeof(EXAMPLE_COAP_PSK_KEY) - 1);
+#endif /* CONFIG_COAP_MBEDTLS_PSK */
 
-   To embed it in the app binary, the PEM, CRT and KEY file is named
-   in the component.mk COMPONENT_EMBED_TXTFILES variable.
-*/
-extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
-extern uint8_t ca_pem_end[]   asm("_binary_coap_ca_pem_end");
-extern uint8_t client_crt_start[] asm("_binary_coap_client_crt_start");
-extern uint8_t client_crt_end[]   asm("_binary_coap_client_crt_end");
-extern uint8_t client_key_start[] asm("_binary_coap_client_key_start");
-extern uint8_t client_key_end[]   asm("_binary_coap_client_key_end");
+#ifdef CONFIG_COAP_MBEDTLS_PKI
             unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
             unsigned int client_crt_bytes = client_crt_end - client_crt_start;
             unsigned int client_key_bytes = client_key_end - client_key_start;
@@ -360,10 +351,11 @@ extern uint8_t client_key_end[]   asm("_binary_coap_client_key_end");
                 dtls_pki.validate_sni_call_back  = NULL;
                 dtls_pki.sni_call_back_arg       = NULL;
                 memset(client_sni, 0, sizeof(client_sni));
-                if (uri.host.length)
-                    memcpy(client_sni, uri.host.s, min(uri.host.length, sizeof(client_sni)));
-                else
+                if (uri.host.length) {
+                    memcpy(client_sni, uri.host.s, MIN(uri.host.length, sizeof(client_sni)));
+                } else {
                     memcpy(client_sni, "localhost", 9);
+                }
                 dtls_pki.client_sni = client_sni;
             }
             dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
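Review bot: The SNI copy can leave client_sni without a terminating NUL: `MIN(uri.host.length, sizeof(client_sni))` lets a host name as long as the buffer overwrite the last byte that the preceding memset zeroed. Bounding the copy one byte short keeps the terminator: `memcpy(client_sni, uri.host.s, MIN(uri.host.length, sizeof(client_sni) - 1));`. client_sni is declared outside the hunk, so this assumes it is a char array that is later read as a C string through `dtls_pki.client_sni`.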
@@ -375,30 +367,25 @@ extern uint8_t client_key_end[]   asm("_binary_coap_client_key_end");
             dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
 
             session = coap_new_client_session_pki(ctx, NULL, &dst_addr,
-               uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
-               &dtls_pki);
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
-
-#ifdef CONFIG_MBEDTLS_COAP_NONE
-            session = coap_new_client_session(ctx, NULL, &dst_addr,
-               uri.scheme==COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS);
-#endif /* CONFIG_MBEDTLS_COAP_NONE */
+                                                  uri.scheme == COAP_URI_SCHEME_COAPS ? COAP_PROTO_DTLS : COAP_PROTO_TLS,
+                                                  &dtls_pki);
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
         } else {
             session = coap_new_client_session(ctx, NULL, &dst_addr,
-               uri.scheme==COAP_URI_SCHEME_COAP_TCP ? COAP_PROTO_TCP :
-               COAP_PROTO_UDP);
+                                              uri.scheme == COAP_URI_SCHEME_COAP_TCP ? COAP_PROTO_TCP :
+                                              COAP_PROTO_UDP);
         }
         if (!session) {
-           ESP_LOGE(TAG, "coap_new_client_session() failed");
-           goto clean_up;
+            ESP_LOGE(TAG, "coap_new_client_session() failed");
+            goto clean_up;
         }
 
         coap_register_response_handler(ctx, message_handler);
 
         request = coap_new_pdu(session);
         if (!request) {
-           ESP_LOGE(TAG, "coap_new_pdu() failed");
-           goto clean_up;
+            ESP_LOGE(TAG, "coap_new_pdu() failed");
+            goto clean_up;
         }
         request->type = COAP_MESSAGE_CON;
         request->tid = coap_new_message_id(session);
@@ -413,12 +400,12 @@ extern uint8_t client_key_end[]   asm("_binary_coap_client_key_end");
         while (resp_wait) {
             int result = coap_run_once(ctx, wait_ms > 1000 ? 1000 : wait_ms);
             if (result >= 0) {
-               if (result >= wait_ms) {
-                  ESP_LOGE(TAG, "select timeout");
-                  break;
-               } else {
-                  wait_ms -= result;
-               } 
+                if (result >= wait_ms) {
+                    ESP_LOGE(TAG, "select timeout");
+                    break;
+                } else {
+                    wait_ms -= result;
+                }
             }
         }
 clean_up:
@@ -426,8 +413,12 @@ clean_up:
             coap_delete_optlist(optlist);
             optlist = NULL;
         }
-        if (session) coap_session_release(session);
-        if (ctx) coap_free_context(ctx);
+        if (session) {
+            coap_session_release(session);
+        }
+        if (ctx) {
+            coap_free_context(ctx);
+        }
         coap_cleanup();
         /*
          * change the following line to something like sleep(2)
@@ -445,14 +436,6 @@ void app_main(void)
     tcpip_adapter_init();
     ESP_ERROR_CHECK(esp_event_loop_create_default());
 
-#if 0
-/* See https://github.com/Ebiroll/qemu_esp32 for further information */
-#include "emul_ip.h"
-    if (is_running_qemu()) {
-        xTaskCreate(task_lwip_init, "task_lwip_init", 2*4096, NULL, 20, NULL); 
-    }
-    else
-#endif
     /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
      * Read "Establishing Wi-Fi or Ethernet Connection" section in
      * examples/protocols/README.md for more information about this function.
index 50306ea2f91d2ae303834480fbcb47ceacfd7115..51bf0b68c7d6ed745eb848d822e4f29178a71ef5 100644 (file)
@@ -5,6 +5,4 @@
 
 # embed files from the "certs" directory as binary data symbols
 # in the app
-COMPONENT_EMBED_TXTFILES := coap_ca.pem
-COMPONENT_EMBED_TXTFILES += coap_client.crt
-COMPONENT_EMBED_TXTFILES += coap_client.key
+COMPONENT_EMBED_TXTFILES := certs/coap_ca.pem certs/coap_client.crt certs/coap_client.key
index 60941855f1e4edbfc67fc943e26c2460b6919e9a..9be65ad5a60a99b1a4eec46d0c56b74bc58c4220 100644 (file)
@@ -35,18 +35,11 @@ Example Connection Configuration  --->
  * Set WiFi SSID under Example Configuration
  * Set WiFi Password under Example Configuration
 Example CoAP Client Configuration  --->
- * Set CoAP Target Uri
- * Set encryption method definitions (None, PSK or PKI)
-  * If PSK Set CoAP Preshared Key to use in connection to the server
-  * If PSK Set CoAP PSK Client identity (username)
- Enable CoAP debugging if required
+ * If PSK, Set CoAP Preshared Key to use in connection to the server
 Component config  --->
- mbedTLS  --->
-  [*]   Enable mbedtls certificate expiry check
-       TLS Key Exchange Methods  --->
-        [*] Enable pre-shared-key ciphersuites
-        [*]   Enable PSK based ciphersuite modes
-  [*] Support DTLS protocol (all versions)
+  CoAP Configuration  --->
+    * Set encryption method definition, PSK (default) or PKI
+    * Enable CoAP debugging if required
 
 ### Build and Flash
 
@@ -90,7 +83,4 @@ This can be found at https://libcoap.net/doc/reference/4.2.0/
 * Please make sure CoAP client fetchs or puts data under path: `/Espressif` or
 fetches `/.well-known/core`
 
-* CoAP logging can be enabled by running 'make menuconfig' and enable debugging
-
-* Encryption (MbedTLS) can be enabled by running 'make menuconfig' and enable debugging
-
+* CoAP logging can be enabled by running 'idf.py menuconfig -> Component config -> CoAP Configuration' and setting appropriate log level
index d4738f6918755163c8bf500ce33e4fd334ae13bf..a014088ecefea1404b46eb00fe4d4ec86f9fa64a 100644 (file)
@@ -1,3 +1,3 @@
 idf_component_register(SRCS "coap_server_example_main.c"
                     INCLUDE_DIRS "."
-                    EMBED_TXTFILES coap_ca.pem coap_server.crt coap_server.key)
+                    EMBED_TXTFILES certs/coap_ca.pem certs/coap_server.crt certs/coap_server.key)
index b2f78bb032705715722106fffecbc4b130b72ef6..29bf69122395aefb014ff6d4f6c66120ce597a38 100644 (file)
@@ -46,7 +46,7 @@
    instead of coap:// and the PSK must be one that the server supports
    (potentially associated with the IDENTITY)
 */
-#define EXAMPLE_COAP_PSK_KEY CONFIG_COAP_PSK_KEY
+#define EXAMPLE_COAP_PSK_KEY CONFIG_EXAMPLE_COAP_PSK_KEY
 
 /* The examples use CoAP Logging Level that
    you can set via 'make menuconfig'.
 */
 #define EXAMPLE_COAP_LOG_DEFAULT_LEVEL CONFIG_COAP_LOG_DEFAULT_LEVEL
 
+const static char *TAG = "CoAP_server";
+
 static char espressif_data[100];
 static int espressif_data_len = 0;
 
+#ifdef CONFIG_COAP_MBEDTLS_PKI
+/* CA cert, taken from coap_ca.pem
+   Server cert, taken from coap_server.crt
+   Server key, taken from coap_server.key
+
+   The PEM, CRT and KEY file are examples taken from the wpa2 enterprise
+   example.
+
+   To embed it in the app binary, the PEM, CRT and KEY file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+ */
+extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
+extern uint8_t ca_pem_end[]   asm("_binary_coap_ca_pem_end");
+extern uint8_t server_crt_start[] asm("_binary_coap_server_crt_start");
+extern uint8_t server_crt_end[]   asm("_binary_coap_server_crt_end");
+extern uint8_t server_key_start[] asm("_binary_coap_server_key_start");
+extern uint8_t server_key_end[]   asm("_binary_coap_server_key_end");
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
+
 #define INITIAL_DATA "Hello World!"
 
 /*
@@ -93,8 +114,7 @@ hnd_espressif_put(coap_context_t *ctx,
 
     if (strcmp (espressif_data, INITIAL_DATA) == 0) {
         response->code = COAP_RESPONSE_CODE(201);
-    }
-    else {
+    } else {
         response->code = COAP_RESPONSE_CODE(204);
     }
 
@@ -125,32 +145,23 @@ hnd_espressif_delete(coap_context_t *ctx,
     response->code = COAP_RESPONSE_CODE(202);
 }
 
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-
-#ifdef __GNUC__
-#define UNUSED_PARAM __attribute__ ((unused))
-#else /* not a GCC */
-#define UNUSED_PARAM
-#endif /* GCC */
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
+#ifdef CONFIG_COAP_MBEDTLS_PKI
 
 static int
 verify_cn_callback(const char *cn,
-                   const uint8_t *asn1_public_cert UNUSED_PARAM,
-                   size_t asn1_length UNUSED_PARAM,
-                   coap_session_t *session UNUSED_PARAM,
+                   const uint8_t *asn1_public_cert,
+                   size_t asn1_length,
+                   coap_session_t *session,
                    unsigned depth,
-                   int validated UNUSED_PARAM,
-                   void *arg UNUSED_PARAM
-) {
-  coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
-           cn, depth ? "CA" : "Certificate");
-  return 1;
+                   int validated,
+                   void *arg
+                  )
+{
+    coap_log(LOG_INFO, "CN '%s' presented by server (%s)\n",
+             cn, depth ? "CA" : "Certificate");
+    return 1;
 }
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 
 static void coap_example_server(void *p)
 {
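Review bot: On the server side the peer presenting a certificate is the client, so the log text `CN '%s' presented by server (%s)` in this copy of verify_cn_callback is misleading when reading connection logs. `"CN '%s' presented by client (%s)\n"` would match what is actually being reported. coap_example_server's body continues outside the hunk.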
@@ -174,96 +185,85 @@ static void coap_example_server(void *p)
 
         ctx = coap_new_context(NULL);
         if (!ctx) {
-           continue;
+            ESP_LOGE(TAG, "coap_new_context() failed");
+            continue;
         }
-#ifdef CONFIG_MBEDTLS_COAP_PSK
+#ifdef CONFIG_COAP_MBEDTLS_PSK
         /* Need PSK setup before we set up endpoints */
         coap_context_set_psk(ctx, "CoAP",
-                             (const uint8_t*)EXAMPLE_COAP_PSK_KEY,
-                             sizeof(EXAMPLE_COAP_PSK_KEY)-1);
-#endif /* CONFIG_MBEDTLS_COAP_PSK */
-
-#ifdef CONFIG_MBEDTLS_COAP_PKI
-/* CA cert, taken from coap_ca.pem
-   Server cert, taken from coap_server.crt
-   Server key, taken from coap_server.key
-
-   The PEM, CRT and KEY file are examples taken from the wpa2 enterprise
-   example.
-
-   To embed it in the app binary, the PEM, CRT and KEY file is named
-   in the component.mk COMPONENT_EMBED_TXTFILES variable.
-*/
-extern uint8_t ca_pem_start[] asm("_binary_coap_ca_pem_start");
-extern uint8_t ca_pem_end[]   asm("_binary_coap_ca_pem_end");
-extern uint8_t server_crt_start[] asm("_binary_coap_server_crt_start");
-extern uint8_t server_crt_end[]   asm("_binary_coap_server_crt_end");
-extern uint8_t server_key_start[] asm("_binary_coap_server_key_start");
-extern uint8_t server_key_end[]   asm("_binary_coap_server_key_end");
-            unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
-            unsigned int server_crt_bytes = server_crt_end - server_crt_start;
-            unsigned int server_key_bytes = server_key_end - server_key_start;
-            coap_dtls_pki_t dtls_pki;
-
-            memset (&dtls_pki, 0, sizeof(dtls_pki));
-            dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION;
-            if (ca_pem_bytes) {
-                /*
-                 * Add in additional certificate checking.
-                 * This list of enabled can be tuned for the specific
-                 * requirements - see 'man coap_encryption'.
-                 *
-                 * Note: A list of root ca file can be setup separately using
-                 * coap_context_set_pki_root_cas(), but the below is used to
-                 * define what checking actually takes place.
-                 */
-                dtls_pki.verify_peer_cert        = 1;
-                dtls_pki.require_peer_cert       = 1;
-                dtls_pki.allow_self_signed       = 1;
-                dtls_pki.allow_expired_certs     = 1;
-                dtls_pki.cert_chain_validation   = 1;
-                dtls_pki.cert_chain_verify_depth = 2;
-                dtls_pki.check_cert_revocation   = 1;
-                dtls_pki.allow_no_crl            = 1;
-                dtls_pki.allow_expired_crl       = 1;
-                dtls_pki.allow_bad_md_hash       = 1;
-                dtls_pki.allow_short_rsa_length  = 1;
-                dtls_pki.validate_cn_call_back   = verify_cn_callback;
-                dtls_pki.cn_call_back_arg        = NULL;
-                dtls_pki.validate_sni_call_back  = NULL;
-                dtls_pki.sni_call_back_arg       = NULL;
-            }
-            dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
-            dtls_pki.pki_key.key.pem_buf.public_cert = server_crt_start;
-            dtls_pki.pki_key.key.pem_buf.public_cert_len = server_crt_bytes;
-            dtls_pki.pki_key.key.pem_buf.private_key = server_key_start;
-            dtls_pki.pki_key.key.pem_buf.private_key_len = server_key_bytes;
-            dtls_pki.pki_key.key.pem_buf.ca_cert = ca_pem_start;
-            dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
+                             (const uint8_t *)EXAMPLE_COAP_PSK_KEY,
+                             sizeof(EXAMPLE_COAP_PSK_KEY) - 1);
+#endif /* CONFIG_COAP_MBEDTLS_PSK */
+
+#ifdef CONFIG_COAP_MBEDTLS_PKI
+        unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
+        unsigned int server_crt_bytes = server_crt_end - server_crt_start;
+        unsigned int server_key_bytes = server_key_end - server_key_start;
+        coap_dtls_pki_t dtls_pki;
+
+        memset (&dtls_pki, 0, sizeof(dtls_pki));
+        dtls_pki.version = COAP_DTLS_PKI_SETUP_VERSION;
+        if (ca_pem_bytes) {
+            /*
+             * Add in additional certificate checking.
+             * This list of enabled can be tuned for the specific
+             * requirements - see 'man coap_encryption'.
+             *
+             * Note: A list of root ca file can be setup separately using
+             * coap_context_set_pki_root_cas(), but the below is used to
+             * define what checking actually takes place.
+             */
+            dtls_pki.verify_peer_cert        = 1;
+            dtls_pki.require_peer_cert       = 1;
+            dtls_pki.allow_self_signed       = 1;
+            dtls_pki.allow_expired_certs     = 1;
+            dtls_pki.cert_chain_validation   = 1;
+            dtls_pki.cert_chain_verify_depth = 2;
+            dtls_pki.check_cert_revocation   = 1;
+            dtls_pki.allow_no_crl            = 1;
+            dtls_pki.allow_expired_crl       = 1;
+            dtls_pki.allow_bad_md_hash       = 1;
+            dtls_pki.allow_short_rsa_length  = 1;
+            dtls_pki.validate_cn_call_back   = verify_cn_callback;
+            dtls_pki.cn_call_back_arg        = NULL;
+            dtls_pki.validate_sni_call_back  = NULL;
+            dtls_pki.sni_call_back_arg       = NULL;
+        }
+        dtls_pki.pki_key.key_type = COAP_PKI_KEY_PEM_BUF;
+        dtls_pki.pki_key.key.pem_buf.public_cert = server_crt_start;
+        dtls_pki.pki_key.key.pem_buf.public_cert_len = server_crt_bytes;
+        dtls_pki.pki_key.key.pem_buf.private_key = server_key_start;
+        dtls_pki.pki_key.key.pem_buf.private_key_len = server_key_bytes;
+        dtls_pki.pki_key.key.pem_buf.ca_cert = ca_pem_start;
+        dtls_pki.pki_key.key.pem_buf.ca_cert_len = ca_pem_bytes;
 
-            coap_context_set_pki(ctx, &dtls_pki);
-#endif /* CONFIG_MBEDTLS_COAP_PKI */
+        coap_context_set_pki(ctx, &dtls_pki);
+#endif /* CONFIG_COAP_MBEDTLS_PKI */
 
         ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_UDP);
         if (!ep) {
-           goto clean_up;
+            ESP_LOGE(TAG, "udp: coap_new_endpoint() failed");
+            goto clean_up;
         }
         ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_TCP);
         if (!ep) {
-           goto clean_up;
+            ESP_LOGE(TAG, "tcp: coap_new_endpoint() failed");
+            goto clean_up;
         }
-#if defined(CONFIG_MBEDTLS_COAP_PSK) || defined(CONFIG_MBEDTLS_COAP_PKI)
-       if (coap_dtls_is_supported()) {
+#if defined(CONFIG_COAP_MBEDTLS_PSK) || defined(CONFIG_COAP_MBEDTLS_PKI)
+        if (coap_dtls_is_supported()) {
             serv_addr.addr.sin.sin_port = htons(COAPS_DEFAULT_PORT);
             ep = coap_new_endpoint(ctx, &serv_addr, COAP_PROTO_DTLS);
             if (!ep) {
-               goto clean_up;
+                ESP_LOGE(TAG, "dtls: coap_new_endpoint() failed");
+                goto clean_up;
             }
         }
-#endif /* CONFIG_MBEDTLS_COAP_PSK CONFIG_MBEDTLS_COAP_PKI */
+#endif /* CONFIG_COAP_MBEDTLS_PSK CONFIG_COAP_MBEDTLS_PKI */
         resource = coap_resource_init(coap_make_str_const("Espressif"), 0);
         if (!resource) {
-           goto clean_up;
+            ESP_LOGE(TAG, "coap_resource_init() failed");
+            goto clean_up;
         }
         coap_register_handler(resource, COAP_REQUEST_GET, hnd_espressif_get);
         coap_register_handler(resource, COAP_REQUEST_PUT, hnd_espressif_put);
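Review bot: The block under the comment "Add in additional certificate checking" sets `allow_self_signed`, `allow_expired_certs`, `allow_no_crl`, `allow_expired_crl`, `allow_bad_md_hash` and `allow_short_rsa_length` to 1, which relaxes peer verification rather than adding to it. That may be needed for the bundled example certificates, but it should be stated, e.g. `/* Relaxed for the example certificates; set the allow_* fields to 0 for deployment. */`. The return values of `coap_context_set_psk()` and `coap_context_set_pki()` are also not checked, so a failed key setup would surface only later, if at all, when the DTLS endpoint is created. The unencrypted UDP and TCP endpoints are created regardless of the PSK/PKI setting, which deserves a comment as well. coap_example_server's body continues outside the hunk.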
@@ -301,14 +301,6 @@ void app_main(void)
     tcpip_adapter_init();
     ESP_ERROR_CHECK(esp_event_loop_create_default());
 
-#if 0
-/* See https://github.com/Ebiroll/qemu_esp32 for further information */
-#include "emul_ip.h"
-    if (is_running_qemu()) {
-        xTaskCreate(task_lwip_init, "task_lwip_init", 2*4096, NULL, 20, NULL); 
-    }
-    else
-#endif
     /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
      * Read "Establishing Wi-Fi or Ethernet Connection" section in
      * examples/protocols/README.md for more information about this function.
index bccdac23fd6a210e1a9d8da6e559d39117b3f50d..d3d1de0b01a728e3800893c0c4228efada25f07a 100644 (file)
@@ -5,6 +5,4 @@
 
 # embed files from the "certs" directory as binary data symbols
 # in the app
-COMPONENT_EMBED_TXTFILES := coap_ca.pem
-COMPONENT_EMBED_TXTFILES += coap_server.crt
-COMPONENT_EMBED_TXTFILES += coap_server.key
+COMPONENT_EMBED_TXTFILES := certs/coap_ca.pem certs/coap_server.crt certs/coap_server.key