mirror of https://github.com/esp8266/Arduino.git synced 2025-06-28 05:01:28 +03:00

ESP8266HTTPClient - prefer trust anchors to fingerprinting in examples (#9181)

Max Prokhorov
2024-07-31 02:00:47 +03:00
committed by GitHub
parent bd136f1c20
commit 05f05d0dab
5 changed files with 207 additions and 24 deletions


@ -39,10 +39,15 @@ void loop() {
// wait for WiFi connection
if ((WiFiMulti.run() == WL_CONNECTED)) {
std::unique_ptr<BearSSL::WiFiClientSecure> client(new BearSSL::WiFiClientSecure);
auto certs = std::make_unique<BearSSL::X509List>(cert_Cloudflare_Inc_ECC_CA_3);
auto client = std::make_unique<BearSSL::WiFiClientSecure>();
client->setFingerprint(fingerprint_sni_cloudflaressl_com);
// Or, if you happy to ignore the SSL certificate, then use the following line instead:
client->setTrustAnchors(certs.get());
// Or, if you prefer to use fingerprinting:
// client->setFingerprint(fingerprint_w3_org);
// This is *not* a recommended option, as fingerprint changes with the host certificate
// Or, if you are *absolutely* sure it is ok to ignore the SSL certificate:
// client->setInsecure();
HTTPClient https;
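Review bot: The new `client->setTrustAnchors(certs.get());` call makes the example depend on a correct device clock, because chain validation checks the certificate validity dates, and nothing in this hunk shows the time being set. If the sketch does not already sync time in `setup()` (not visible here), the handshake is likely to fail on a freshly booted board, and users tend to fall back to `setInsecure()`. A comment above the call would make the requirement explicit, e.g. `// Trust anchor validation checks certificate dates: set the clock first (configTime(...) / NTP, or client->setX509Time(now))`. The `setInsecure()` comment could also say what is given up, e.g. `// setInsecure() skips certificate validation entirely, so the server is not authenticated`. The `loop()` body continues outside the hunk.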


@ -1,7 +1,7 @@
// this file is autogenerated - any modification will be overwritten
// unused symbols will not be linked in the final binary
// generated on 2023-03-20 23:02:42
// generated on 2024-07-30 22:46:21
// by ['../../../../tools/cert.py', '-s', 'jigsaw.w3.org', '-n', 'jigsaw']
#pragma once
@ -12,14 +12,14 @@
const char* jigsaw_host = "jigsaw.w3.org";
const uint16_t jigsaw_port = 443;
// CN: sni.cloudflaressl.com => name: sni_cloudflaressl_com
// not valid before: 2023-02-14 00:00:00
// not valid after: 2024-02-14 23:59:59
const char fingerprint_sni_cloudflaressl_com [] PROGMEM = "70:7c:82:07:f3:58:18:87:25:42:31:83:45:86:bd:17:86:71:4e:1f";
const char pubkey_sni_cloudflaressl_com [] PROGMEM = R"PUBKEY(
// CN: w3.org => name: w3_org
// not valid before: 2024-01-26 00:00:00
// not valid after: 2024-12-31 23:59:59
const char fingerprint_w3_org [] PROGMEM = "07:f2:bd:4c:d0:ce:58:da:13:03:9d:a9:0d:df:e9:5b:60:5f:7f:a5";
const char pubkey_w3_org [] PROGMEM = R"PUBKEY(
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/NU/7vfdymScyhfx81ieO8XiwGqq
TU4tjeWzSosWSpmQwnGmRqiU2h2wyT9uYxRme6uQ0yLedf4nz9ks+4OxtA==
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPwx1EbG8lugJ74owfhQChFkoxc9R
EZ9D7g5JfO7TUZH+nxWxCT7njoKgD9yvJZYTy/oijTdhB7o7knUsBLRj8A==
-----END PUBLIC KEY-----
)PUBKEY";