WiFiClientSecure: initialize ssl_ctx when loading certificate

Fixes #2470
2025-06-06 05:21:22 +03:00 · 2017-05-22 00:52:59 +08:00 · 2017-05-22 00:52:59 +08:00 · 79cfad5d46
commit 79cfad5d46
parent f211014dd3
1 changed files with 19 additions and 13 deletions
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@ -94,6 +94,9 @@ public:
        ssl_ext_set_host_name(ext, hostName);
        ssl_ext_set_max_fragment_size(ext, 4096);
        s_io_ctx = ctx;
+        if (_ssl) {
+            ssl_free(_ssl);
+        }
        _ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
        uint32_t t = millis();

@ -239,7 +242,7 @@ protected:
            }
            return 0;
        }
-        DEBUGV(":wcs ra %d", rc);
+        DEBUGV(":wcs ra %d\r\n", rc);
        _read_ptr = data;
        _available = rc;
        return _available;
@ -311,13 +314,10 @@ int WiFiClientSecure::connect(const char* name, uint16_t port)

 int WiFiClientSecure::_connectSSL(const char* hostName)
 {
-    if (_ssl) {
-        _ssl->unref();
-        _ssl = nullptr;
+    if (!_ssl) {
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
-
-    _ssl = new SSLContext;
-    _ssl->ref();
    _ssl->connect(_client, hostName, 5000);

    auto status = ssl_handshake_status(*_ssl);
@ -553,7 +553,8 @@ bool WiFiClientSecure::verifyCertChain(const char* domain_name)
 bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_X509_CACERT, pk, size);
 }
@ -561,7 +562,8 @@ bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_X509_CERT, pk, size);
 }
@ -569,7 +571,8 @@ bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);
 }
@ -577,7 +580,8 @@ bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_X509_CACERT, stream, size);
 }
@ -585,7 +589,8 @@ bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
 bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_X509_CERT, stream, size);
 }
@ -593,7 +598,8 @@ bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
 bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size)
 {
    if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
    }
    return _ssl->loadObject(SSL_OBJ_RSA_KEY, stream, size);
 }