Fix minor BearSSL API issues (#4901)

Fixes #4882 and updates GitHub certificate fingerprint to the current one in BearSSL_Validation example. When setting a authentication mode or stopping, clear all others out in case the object is being re-used. Add in a yield during the SSL handshake to allow a graceful timeout and not a WDT error when the remote server hiccups. Thanks to @Jeroen88 for finding and testing this.
2025-07-27 18:02:17 +03:00 · 2018-07-16 09:35:00 -07:00
parent fcf2ac5d3d
commit 53091882b8
3 changed files with 9 additions and 1 deletions
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
@ -59,24 +59,29 @@ class WiFiClientSecure : public WiFiClient {

    // Don't validate the chain, just accept whatever is given.  VERY INSECURE!
    void setInsecure() {
+      _clearAuthenticationSettings();
      _use_insecure = true;
    }
    // Assume a given public key, don't validate or use cert info at all
    void setKnownKey(const BearSSLPublicKey *pk, unsigned usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN) {
+      _clearAuthenticationSettings();
      _knownkey = pk;
      _knownkey_usages = usages;
    }
    // Only check SHA1 fingerprint of certificate
    void setFingerprint(const uint8_t fingerprint[20]) {
+      _clearAuthenticationSettings();
      _use_fingerprint = true;
      memcpy_P(_fingerprint, fingerprint, 20);
    }
    // Accept any certificate that's self-signed
    void allowSelfSignedCerts() {
+      _clearAuthenticationSettings();
      _use_self_signed = true;
    }
    // Install certificates of trusted CAs or specific site
    void setTrustAnchors(const BearSSLX509List *ta) {
+      _clearAuthenticationSettings();
      _ta = ta;
    }
    // In cases when NTP is not used, app must set a time manually to check cert validity