C33 SSL client fix stop() and connect( .. ) with psk #436

Open
wants to merge 9 commits into
base: main
13 changes: 5 additions & 8 deletions libraries/SSLClient/src/SSLClient.cpp
Expand Up @@ -97,12 +97,9 @@ void SSLClient::setClient(Client& client)

void SSLClient::stop()
{
if (sslclient->client >= 0) {
//sslclient->client->stop();
_connected = false;
_peek = -1;
}
stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key);
stop_ssl_socket(sslclient);
_connected = false;
_peek = -1;
}

int SSLClient::connect(IPAddress ip, uint16_t port)
Expand Down Expand Up @@ -150,12 +147,12 @@ int SSLClient::connect(const char *host, uint16_t port, const char *_CA_cert, co
}

int SSLClient::connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey) {
return connect(ip.toString().c_str(), port,_pskIdent, _psKey);
return connect(ip.toString().c_str(), port, pskIdent, psKey);
}

int SSLClient::connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey) {
log_v("start_ssl_client with PSK");
int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, _pskIdent, _psKey, _use_insecure);
int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, pskIdent, psKey, _use_insecure);
_lastError = ret;
if (ret < 0) {
log_e("start_ssl_client: %d", ret);
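Review bot: stop() still calls stop_ssl_socket(sslclient) unconditionally, and start_ssl_client also calls stop_ssl_socket itself on the verify-failure path before returning the error, so the common caller pattern of connect() failing followed by stop() runs the teardown twice on the same context. stop_ssl_socket's body is outside this diff; unless every mbedtls_*_free it performs tolerates a second call on an already-released context, that sequence is a double free. Make the teardown idempotent (null or zero each handle after releasing it) or state the contract above the definition: `// Must be safe to call repeatedly, including after a failed start_ssl_client().` Dropping the old `sslclient->client >= 0` guard, which compared a pointer to an int, is an improvement; the PSK overloads now correctly forward `pskIdent`/`psKey` instead of the ignored members, and the tail of that connect() lies past the hunk.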
47 changes: 24 additions & 23 deletions libraries/SSLClient/src/ssl_client.cpp
Expand Up @@ -38,6 +38,7 @@ static int _handle_error(int err, const char * file, int line)

#define handle_error(e) _handle_error(e, __FUNCTION__, __LINE__)

#if defined(SSL_CLIENT_RECV_DISABLE_TIMEOUT)
/**
* \brief Read at most 'len' characters. If no error occurs,
* the actual amount read is returned.
Expand All @@ -52,11 +53,11 @@ static int _handle_error(int err, const char * file, int line)
*/
static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) {
Client *client = (Client*)ctx;
if (!client) {
if (!client) {
log_e("Uninitialised!");
return -1;
}

//if (!client->connected()) {
// log_e("Not connected!");
// return -2;
Expand All @@ -68,31 +69,31 @@ static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) {
if (result > 0) {
//esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);
}

return result;
}

int client_net_recv_timeout( void *ctx, unsigned char *buf,
#else
static int client_net_recv_timeout( void *ctx, unsigned char *buf,
size_t len, uint32_t timeout ) {
Client *client = (Client*)ctx;
if (!client) {
if (!client) {
log_e("Uninitialised!");
return -1;
}
unsigned long start = millis();
unsigned long tms = start + timeout;
int pending = client->available();
uint16_t pending = client->available();
// If there is data in the client, wait for message completion
if((pending > 0) && (pending < len))
do {
int pending = client->available();
uint16_t pending = client->available();
if (pending < len && timeout > 0) {
delay(1);
} else break;
} while (millis() < tms);

int result = client->read(buf, len);

// lwIP interface return -1 if there is no data to read
// report without throwing errors or block
if (result <= 0) return MBEDTLS_ERR_SSL_WANT_READ;
Expand All @@ -102,10 +103,10 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf,
if (result > 0) {
//esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);
}

return result;
}

#endif

/**
* \brief Write at most 'len' characters. If no error occurs,
Expand All @@ -121,20 +122,20 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf,
*/
static int client_net_send( void *ctx, const unsigned char *buf, size_t len ) {
Client *client = (Client*)ctx;
if (!client) {
if (!client) {
log_e("Uninitialised!");
return -1;
}

//if (!client->connected()) {
// log_e("Not connected!");
// return -2;
//}

//esp_log_buffer_hexdump_internal("SSL.WR", buf, (uint16_t)len, ESP_LOG_VERBOSE);

int result = client->write(buf, len);

log_d("SSL client TX res=%d len=%d", result, len);
return result;
}
Expand All @@ -152,7 +153,7 @@ void ssl_init(sslclient_context *ssl_client, Client *client, const char * ca_pat
mbedtls_ssl_conf_ciphersuites(&ssl_client->ssl_conf, mbedtls_ssl_list_ciphersuites());

mbedtls_ssl_conf_dbg(&ssl_client->ssl_conf, mbedtls_debug_print, NULL);
mbedtls_debug_set_threshold(DEBUG_LEVEL);
mbedtls_debug_set_threshold(SSL_DEBUG_LEVEL);

mbedtls_fs_init(ca_path);
}
Expand Down Expand Up @@ -225,7 +226,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
}
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = strlen(psKey)/2;
for (int j=0; j<strlen(psKey); j+= 2) {
for (size_t j=0; j<strlen(psKey); j+= 2) {
char c = psKey[j];
if (c >= '0' && c <= '9') c -= '0';
else if (c >= 'A' && c <= 'F') c -= 'A' - 10;
Expand Down Expand Up @@ -336,13 +337,13 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
memset(buf, 0, sizeof(buf));
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
log_e("Failed to verify peer certificate! verification info: %s", buf);
stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key); //It's not safe continue.
stop_ssl_socket(ssl_client); //It's not safe continue.

return handle_error(ret);
} else {
log_v("Certificate verified.");
}

if ((rootCABuff != NULL) || ((rootCAPath != NULL))) {
log_d("free buffer");
mbedtls_x509_crt_free(&ssl_client->ca_cert);
Expand All @@ -354,14 +355,14 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p

if (cli_key != NULL) {
mbedtls_pk_free(&ssl_client->client_key);
}
}

//return ssl_client->socket;
return 1;
}


void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key)
void stop_ssl_socket(sslclient_context *ssl_client)
{
log_v("Cleaning SSL connection.");

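Review bot: Retyping `pending` to `uint16_t` in client_net_recv_timeout (both the declaration before the loop and the shadowing one inside it) narrows whatever `client->available()` returns, so a backlog of 65536 bytes reads as 0 and skips the wait, and any negative value an underlying Client implementation might return becomes a large positive count that passes `pending > 0`; `Client::available()` is an `int` in the Arduino API. Keep the wider type and make the comparison against the `size_t len` explicit: `int pending = client->available(); if (pending > 0 && (size_t)pending < len)`, and inside the loop assign to that same variable instead of redeclaring it. The deadline test `millis() < tms` with `tms = start + timeout` is unchanged context but is not safe across the millis() wrap; `millis() - start < timeout` is. How this function and client_net_recv are wired into mbedtls (mbedtls_ssl_set_bio) is outside the hunk, so the new `SSL_CLIENT_RECV_DISABLE_TIMEOUT` switch cannot be checked here.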
2 changes: 1 addition & 1 deletion libraries/SSLClient/src/ssl_client.h
Expand Up @@ -43,7 +43,7 @@ typedef struct sslclient_context {

void ssl_init(sslclient_context *ssl_client, Client *client, const char *ca_path);
int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *rootCAPath, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure);
void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key);
void stop_ssl_socket(sslclient_context *ssl_client);
int data_to_read(sslclient_context *ssl_client);
int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len);
int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, int length);
5 changes: 3 additions & 2 deletions libraries/SSLClient/src/ssl_debug.cpp
Expand Up @@ -20,7 +20,7 @@
#include "ssl_debug.h"

void ssl_debug_print(const char *format, ...) {
char debug_buf[1024];
char debug_buf[1024];
va_list argptr;
va_start(argptr, format);
vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);
Expand All @@ -29,7 +29,7 @@ void ssl_debug_print(const char *format, ...) {
}

void ssl_debug_println(const char *format, ...) {
char debug_buf[1024];
char debug_buf[1024];
va_list argptr;
va_start(argptr, format);
vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);
Expand All @@ -43,6 +43,7 @@ void ssl_debug_none(const char *format, ...) {

void mbedtls_debug_print(void *ctx, int level, const char *file, int line, const char *str)
{
((void) ctx);
((void) level);
ssl_debug_print("%s:%04d: %s", file, line, str);
}
14 changes: 7 additions & 7 deletions libraries/SSLClient/src/ssl_debug.h
Expand Up @@ -29,33 +29,33 @@
* 4: DEBUG
* 5: VERBOSE
*/
#define DEBUG_LEVEL 1
#define SSL_DEBUG_LEVEL 1

#if DEBUG_LEVEL > 0
#if SSL_DEBUG_LEVEL > 0
#define log_e ssl_debug_println
#else
#define log_e ssl_debug_none
#endif

#if DEBUG_LEVEL > 1
#if SSL_DEBUG_LEVEL > 1
#define log_w ssl_debug_println
#else
#define log_w ssl_debug_none
#endif

#if DEBUG_LEVEL > 2
#if SSL_DEBUG_LEVEL > 2
#define log_i ssl_debug_println
#else
#define log_i ssl_debug_none
#endif

#if DEBUG_LEVEL > 3
#if SSL_DEBUG_LEVEL > 3
#define log_d ssl_debug_println
#else
#define log_d ssl_debug_none
#endif
#if DEBUG_LEVEL > 4

#if SSL_DEBUG_LEVEL > 4
#define log_v ssl_debug_println
#else
#define log_v ssl_debug_none