diff --git a/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino b/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino index 000dbb2a1..82374b40c 100644 --- a/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino +++ b/libraries/ESP8266WiFi/examples/HTTPSRequest/HTTPSRequest.ino @@ -7,11 +7,6 @@ esp8266/Arduino project continuous integration build. - Limitations: - only RSA certificates - no support of Perfect Forward Secrecy (PFS) - TLSv1.2 is supported since version 2.4.0-rc1 - Created by Ivan Grokhotkov, 2015. This example is in public domain. */ 
@@ -30,14 +25,38 @@ const char* password = STAPSK; const char* host = "api.github.com"; const int httpsPort = 443; -// Use web browser to view and copy -// SHA1 fingerprint of the certificate -const char fingerprint[] PROGMEM = "5F F1 60 31 09 04 3E F2 90 D2 B0 8A 50 38 04 E8 37 9F BC 76"; +// DigiCert High Assurance EV Root CA +const char trustRoot[] PROGMEM = R"EOF( +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +)EOF"; +X509List cert(trustRoot); void setup() { Serial.begin(115200); Serial.println(); - Serial.print("connecting to "); + Serial.print("Connecting to "); Serial.println(ssid); WiFi.mode(WIFI_STA); WiFi.begin(ssid, password); 
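Review bot: The comment above `trustRoot` names the CA but says nothing about why this root was chosen or when it has to be replaced, and that is the part a reader copying the example needs. Presumably it is the root that api.github.com's chain led to when the example was written, so I would expand the comment to something like `// Root CA for api.github.com's chain at the time of writing; replace it if the server moves to another CA or when this root expires.` It is also worth a line noting the trade-off against the removed fingerprint pin: a trust anchor survives leaf-certificate renewal, but accepts any valid chain for the host that ends at this root. On `X509List cert(trustRoot);`, a short comment that the list is global because `setTrustAnchors` is handed a pointer to it (so it has to outlive the client) would stop someone from moving it into a narrower scope.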
@@ -50,21 +69,37 @@ void setup() { Serial.println("IP address: "); Serial.println(WiFi.localIP()); + // Set time via NTP, as required for x.509 validation + configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov"); + + Serial.print("Waiting for NTP time sync: "); + time_t now = time(nullptr); + while (now < 8 * 3600 * 2) { + delay(500); + Serial.print("."); + now = time(nullptr); + } + Serial.println(""); + struct tm timeinfo; + gmtime_r(&now, &timeinfo); + Serial.print("Current time: "); + Serial.print(asctime(&timeinfo)); + // Use WiFiClientSecure class to create TLS connection WiFiClientSecure client; - Serial.print("connecting to "); + Serial.print("Connecting to "); Serial.println(host); - Serial.printf("Using fingerprint '%s'\n", fingerprint); - client.setFingerprint(fingerprint); + Serial.printf("Using certificate: %s\n", trustRoot); + client.setTrustAnchors(&cert); if (!client.connect(host, httpsPort)) { - Serial.println("connection failed"); + Serial.println("Connection failed"); return; } String url = "/repos/esp8266/Arduino/commits/master/status"; - Serial.print("requesting URL: "); + Serial.print("Requesting URL: "); Serial.println(url); client.print(String("GET ") + url + " HTTP/1.1\r\n" + @@ -72,11 +107,11 @@ void setup() { "User-Agent: BuildFailureDetectorESP8266\r\n" + "Connection: close\r\n\r\n"); - Serial.println("request sent"); + Serial.println("Request sent"); while (client.connected()) { String line = client.readStringUntil('\n'); if (line == "\r") { - Serial.println("headers received"); + Serial.println("Headers received"); break; } } @@ -86,11 +121,11 @@ void setup() { } else { Serial.println("esp8266/Arduino CI has failed"); } - Serial.println("reply was:"); + Serial.println("Reply was:"); Serial.println("=========="); Serial.println(line); Serial.println("=========="); - Serial.println("closing connection"); + Serial.println("Closing connection"); } void loop() {
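Review bot: The NTP wait loop added before the TLS connection has no upper bound, so a network that blocks NTP leaves setup() spinning forever with no diagnostic; bound it with a deadline and return with a message when the clock never gets set. The threshold `8 * 3600 * 2` is also unexplained; it looks like a "clock has left the epoch" test padded for the timezone offset passed to configTime, and deserves a named constant and a comment. Because the time comes from unauthenticated SNTP, the certificate validity-period check is only as trustworthy as the network path to those servers, which is worth stating in the comment above configTime. Separately, `Serial.printf("Using certificate: %s\n", trustRoot);` dumps the whole PEM block to the console where a short label would do. The 30-second limit below is an illustrative value; setup() starts before this hunk and continues after it.

```cpp
  // Threshold the example uses to decide that SNTP has set the clock
  const time_t clockSetThreshold = 8 * 3600 * 2;
  const unsigned long syncStart = millis();
  time_t now = time(nullptr);
  while (now < clockSetThreshold && millis() - syncStart < 30000UL) {
    // … unchanged: delay, progress dot, re-read time …
  }
  if (now < clockSetThreshold) {
    Serial.println("NTP sync timed out");
    return;
  }
```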