mirror of https://github.com/esp8266/Arduino.git synced 2025-10-25 18:38:07 +03:00

Add BearSSL::setFingerprint(char* fp) (#5204)

Add a method allowing a user to send in a character string for the
fingerprint, like axTLS supported.

Implements part of PR #4833 from @d-a-v with changes requested in
discussion.
Earle F. Philhower, III
2018-10-03 19:32:47 -07:00
committed by GitHub
parent 2f6a25b9f5
commit 18612c97d8
3 changed files with 40 additions and 2 deletions


@@ -536,6 +536,42 @@ bool WiFiClientSecure::_wait_for_handshake() {
return _handshake_done;
}
static uint8_t htoi (unsigned char c)
{
if (c>='0' && c <='9') return c - '0';
else if (c>='A' && c<='F') return 10 + c - 'A';
else if (c>='a' && c<='f') return 10 + c - 'a';
else return 255;
}
// Set a fingerprint by parsing an ASCII string
bool WiFiClientSecure::setFingerprint(const char *fpStr) {
int idx = 0;
uint8_t c, d;
uint8_t fp[20];
while (idx < 20) {
c = pgm_read_byte(fpStr++);
if (!c) break; // String ended, done processing
d = pgm_read_byte(fpStr++);
if (!d) return false; // Only half of the last hex digit, error
c = htoi(c);
d = htoi(d);
if ((c>15) || (d>15)) {
return false; // Error in one of the hex characters
}
fp[idx++] = (c<<4)|d;
// Skip 0 or more spaces or colons
while ( pgm_read_byte(fpStr) && (pgm_read_byte(fpStr)==' ' || pgm_read_byte(fpStr)==':') ) {
fpStr++;
}
}
if ((idx != 20) || pgm_read_byte(fpStr)) {
return false; // Garbage at EOL or we didn't have enough hex digits
}
return setFingerprint(fp);
}
extern "C" {
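Review bot: `setFingerprint(const char *fpStr)` passes `fpStr` to `pgm_read_byte` on the first loop iteration without a null check, so a null argument is dereferenced instead of rejected; adding `if (!fpStr) return false;` before the `while (idx < 20)` loop would make it fail like any other malformed input. Every `return false` path also exits before the `uint8_t[20]` overload is reached, so on a parse error the previously configured verification settings appear to stay in effect. That deserves a comment above the function telling callers they must check the result before connecting. The accepted format is strict (no leading separators, and nothing but spaces or colons after the 20th byte, so a trailing newline is rejected), which is a sensible fail-closed choice but should be stated in that same comment.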


@@ -73,11 +73,13 @@ class WiFiClientSecure : public WiFiClient {
_knownkey_usages = usages;
}
// Only check SHA1 fingerprint of certificate
void setFingerprint(const uint8_t fingerprint[20]) {
bool setFingerprint(const uint8_t fingerprint[20]) {
_clearAuthenticationSettings();
_use_fingerprint = true;
memcpy_P(_fingerprint, fingerprint, 20);
return true;
}
bool setFingerprint(const char *fpStr);
// Accept any certificate that's self-signed
void allowSelfSignedCerts() {
_clearAuthenticationSettings();
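Review bot: The new declaration `bool setFingerprint(const char *fpStr);` has no comment, although the setters around it each carry one, and its contract is not obvious from the signature. I would add `// Parse a SHA1 fingerprint from 40 hex digits (byte pairs may be separated by spaces or colons); returns false on malformed input` above it. The `uint8_t[20]` overload now returns `bool` but can only return `true`; if that is purely for symmetry with the string overload, its comment should say so, so that callers do not read the result as a validity check. The class body continues outside this hunk.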