arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code

Add warning when no authenticator, drop verify() (#5205)

Browse Source 
Print a warning when in debug mode when a BearSSL connection tries to
connect without having any defined authentication methods, since it will
fail.

Completely remove the empty axTLS compatibilty method
"::verify(char *fp, char *name)" because it can't be done w/BearSSL w/o
user code changes, and always failed.  Better to have a compile failure
when we know at compile time the app won't do what is expected.

Completes the changes started by @d-a-v in PR #4833
This commit is contained in:
Earle F. Philhower, III 2018-10-03 20:27:09 -07:00 committed by GitHub
parent 18612c97d8
commit 14808c9ac4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
View File

@ -883,6 +883,13 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
_freeSSL(); _freeSSL();
_oom_err = false; _oom_err = false;
#ifdef DEBUG_ESP_SSL
// BearSSL will reject all connections unless an authentication option is set, warn in DEBUG builds
if (!_use_insecure && !_use_fingerprint && !_use_self_signed && !_knownkey && !_certStore && !_ta) {
DEBUGV("BSSL: Connection *will* fail, no authentication method is setup");
}
#endif
_sc = std::make_shared<br_ssl_client_context>(); _sc = std::make_shared<br_ssl_client_context>();
_eng = &_sc->eng; // Allocation/deallocation taken care of by the _sc shared_ptr _eng = &_sc->eng; // Allocation/deallocation taken care of by the _sc shared_ptr
_iobuf_in = std::shared_ptr<unsigned char>(new unsigned char[_iobuf_in_size], std::default_delete<unsigned char[]>()); _iobuf_in = std::shared_ptr<unsigned char>(new unsigned char[_iobuf_in_size], std::default_delete<unsigned char[]>());

2
libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
View File

@ -122,7 +122,7 @@ class WiFiClientSecure : public WiFiClient {
static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len); static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len);
// AXTLS compatible wrappers // AXTLS compatible wrappers
bool verify(const char* fingerprint, const char* domain_name) { (void) fingerprint; (void) domain_name; return false; } // Can't handle this case, need app code changes // Cannot implement this mode, we need FP before we can connect: bool verify(const char* fingerprint, const char* domain_name)
bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake
bool setCACert(const uint8_t* pk, size_t size); bool setCACert(const uint8_t* pk, size_t size);