Move BearSSLHelpers into BearSSL namespace (#5315)
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey were all in the global namespace and not in the BearSSL:: one, due to an oversight when they were originally created. Move them to the proper namespace with the following mapping: BearSSLX509List => BearSSL::X509List; BearSSLSession => BearSSL::Session; BearSSLPublicKey => BearSSL::PublicKey; BearSSLPrivateKey => BearSSL::PrivateKey.
committed by
GitHub
parent
a42c3c399b
commit
233d3e3b5e
@ -59,7 +59,7 @@ class WiFiClientSecure : public WiFiClient {
|
||||
bool stop(unsigned int maxWaitMs = 0) override;
|
||||
|
||||
// Allow sessions to be saved/restored automatically to a memory area
|
||||
void setSession(BearSSLSession *session) { _session = session; }
|
||||
void setSession(Session *session) { _session = session; }
|
||||
|
||||
// Don't validate the chain, just accept whatever is given. VERY INSECURE!
|
||||
void setInsecure() {
|
||||
@ -67,7 +67,7 @@ class WiFiClientSecure : public WiFiClient {
|
||||
_use_insecure = true;
|
||||
}
|
||||
// Assume a given public key, don't validate or use cert info at all
|
||||
void setKnownKey(const BearSSLPublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN) {
|
||||
void setKnownKey(const PublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN) {
|
||||
_clearAuthenticationSettings();
|
||||
_knownkey = pk;
|
||||
_knownkey_usages = usages;
|
||||
@ -86,7 +86,7 @@ class WiFiClientSecure : public WiFiClient {
|
||||
_use_self_signed = true;
|
||||
}
|
||||
// Install certificates of trusted CAs or specific site
|
||||
void setTrustAnchors(const BearSSLX509List *ta) {
|
||||
void setTrustAnchors(const X509List *ta) {
|
||||
_clearAuthenticationSettings();
|
||||
_ta = ta;
|
||||
}
|
||||
@ -95,8 +95,8 @@ class WiFiClientSecure : public WiFiClient {
|
||||
_now = now;
|
||||
}
|
||||
// Install a client certificate for this connection, in case the server requires it (i.e. MQTT)
|
||||
void setClientRSACert(const BearSSLX509List *cert, const BearSSLPrivateKey *sk);
|
||||
void setClientECCert(const BearSSLX509List *cert, const BearSSLPrivateKey *sk,
|
||||
void setClientRSACert(const X509List *cert, const PrivateKey *sk);
|
||||
void setClientECCert(const X509List *cert, const PrivateKey *sk,
|
||||
unsigned allowed_usages, unsigned cert_issuer_key_type);
|
||||
|
||||
// Sets the requested buffer size for transmit and receive
|
||||
@ -168,7 +168,7 @@ class WiFiClientSecure : public WiFiClient {
|
||||
std::shared_ptr<unsigned char> _iobuf_in;
|
||||
std::shared_ptr<unsigned char> _iobuf_out;
|
||||
time_t _now;
|
||||
const BearSSLX509List *_ta;
|
||||
const X509List *_ta;
|
||||
CertStore *_certStore;
|
||||
int _iobuf_in_size;
|
||||
int _iobuf_out_size;
|
||||
@ -177,13 +177,13 @@ class WiFiClientSecure : public WiFiClient {
|
||||
|
||||
// Optional storage space pointer for session parameters
|
||||
// Will be used on connect and updated on close
|
||||
BearSSLSession *_session;
|
||||
Session *_session;
|
||||
|
||||
bool _use_insecure;
|
||||
bool _use_fingerprint;
|
||||
uint8_t _fingerprint[20];
|
||||
bool _use_self_signed;
|
||||
const BearSSLPublicKey *_knownkey;
|
||||
const PublicKey *_knownkey;
|
||||
unsigned _knownkey_usages;
|
||||
|
||||
// Custom cipher list pointer or NULL if default
|
||||
@ -201,27 +201,27 @@ class WiFiClientSecure : public WiFiClient {
|
||||
bool _wait_for_handshake(); // Sets and return the _handshake_done after connecting
|
||||
|
||||
// Optional client certificate
|
||||
const BearSSLX509List *_chain;
|
||||
const BearSSLPrivateKey *_sk;
|
||||
const X509List *_chain;
|
||||
const PrivateKey *_sk;
|
||||
unsigned _allowed_usages;
|
||||
unsigned _cert_issuer_key_type;
|
||||
|
||||
// Methods for handling server.available() call which returns a client connection.
|
||||
friend class WiFiServerSecure; // Server needs to access these constructors
|
||||
WiFiClientSecure(ClientContext *client, const BearSSLX509List *chain, unsigned cert_issuer_key_type,
|
||||
const BearSSLPrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta);
|
||||
WiFiClientSecure(ClientContext* client, const BearSSLX509List *chain, const BearSSLPrivateKey *sk,
|
||||
int iobuf_in_size, int iobuf_out_size, const BearSSLX509List *client_CA_ta);
|
||||
WiFiClientSecure(ClientContext *client, const X509List *chain, unsigned cert_issuer_key_type,
|
||||
const PrivateKey *sk, int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
|
||||
WiFiClientSecure(ClientContext* client, const X509List *chain, const PrivateKey *sk,
|
||||
int iobuf_in_size, int iobuf_out_size, const X509List *client_CA_ta);
|
||||
|
||||
// RSA keyed server
|
||||
bool _connectSSLServerRSA(const BearSSLX509List *chain, const BearSSLPrivateKey *sk, const BearSSLX509List *client_CA_ta);
|
||||
bool _connectSSLServerRSA(const X509List *chain, const PrivateKey *sk, const X509List *client_CA_ta);
|
||||
// EC keyed server
|
||||
bool _connectSSLServerEC(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk,
|
||||
const BearSSLX509List *client_CA_ta);
|
||||
bool _connectSSLServerEC(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk,
|
||||
const X509List *client_CA_ta);
|
||||
|
||||
// X.509 validators differ from server to client
|
||||
bool _installClientX509Validator(); // Set up X509 validator for a client conn.
|
||||
bool _installServerX509Validator(const BearSSLX509List *client_CA_ta); // Setup X509 client cert validation, if supplied
|
||||
bool _installServerX509Validator(const X509List *client_CA_ta); // Setup X509 client cert validation, if supplied
|
||||
|
||||
uint8_t *_streamLoad(Stream& stream, size_t size);
|
||||
|
||||
|
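Review bot: The setters whose signatures are touched here, `setTrustAnchors(const X509List *ta)`, `setKnownKey(const PublicKey *pk, ...)` and `setSession(Session *session)`, keep the caller's raw pointer (`_ta = ta;`, `_knownkey = pk;`, `_session = session;`) and nothing in the header states that the pointed-to object must outlive the client. If a trust-anchor list or pinned key is destroyed before the handshake runs, certificate validation would presumably read a dangling pointer, which is an easy mistake with stack-allocated lists in a sketch. Since these lines are being edited anyway, I would add a comment above each setter such as `// Pointer is stored, not copied: the object must remain valid for as long as this client uses it`. The same applies to the `_chain` and `_sk` members set through `setClientRSACert` and `setClientECCert`, whose definitions are outside this header section, as are the start and end of the class body.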