arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-06 05:21:22 +03:00
Code

WiFiClientSecure: add support for keys and certificates in PROGMEM

Browse Source
This commit is contained in:
Ivan Grokhotkov 2017-10-08 05:04:04 +08:00
parent f85f8269b7
commit 84b046f98c
4 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/ESP8266WiFi/examples/HTTPSRequestCACert/CACert.ino
View File

@ -1,5 +1,5 @@
const unsigned char caCert[] = { const unsigned char caCert[] PROGMEM = {
0x30, 0x82, 0x03, 0xc5, 0x30, 0x82, 0x02, 0xad, 0xa0, 0x03, 0x02, 0x01, 0x30, 0x82, 0x03, 0xc5, 0x30, 0x82, 0x02, 0xad, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x10, 0x02, 0xac, 0x5c, 0x26, 0x6a, 0x0b, 0x40, 0x9b, 0x8f, 0x02, 0x02, 0x10, 0x02, 0xac, 0x5c, 0x26, 0x6a, 0x0b, 0x40, 0x9b, 0x8f,
0x0b, 0x79, 0xf2, 0xae, 0x46, 0x25, 0x77, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x0b, 0x79, 0xf2, 0xae, 0x46, 0x25, 0x77, 0x30, 0x0d, 0x06, 0x09, 0x2a,

4
libraries/ESP8266WiFi/examples/HTTPSRequestCACert/HTTPSRequestCACert.ino
View File

@ -27,7 +27,7 @@ const int httpsPort = 443;
// Root certificate used by api.github.com. // Root certificate used by api.github.com.
// Defined in "CACert" tab. // Defined in "CACert" tab.
extern const unsigned char caCert[]; extern const unsigned char caCert[] PROGMEM;
extern const unsigned int caCertLen; extern const unsigned int caCertLen;
WiFiClientSecure client; WiFiClientSecure client;
@ -64,7 +64,7 @@ void setup() {
Serial.print(asctime(&timeinfo)); Serial.print(asctime(&timeinfo));
// Load root certificate in DER format into WiFiClientSecure object // Load root certificate in DER format into WiFiClientSecure object
bool res = client.setCACert(caCert, caCertLen); bool res = client.setCACert_P(caCert, caCertLen);
if (!res) { if (!res) {
Serial.println("Failed to load root CA certificate!"); Serial.println("Failed to load root CA certificate!");
while (true) { while (true) {

35
libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
View File

@ -209,6 +209,14 @@ public:
return loadObject(type, buf.get(), size); return loadObject(type, buf.get(), size);
} }
bool loadObject_P(int type, PGM_VOID_P data, size_t size)
{
std::unique_ptr<uint8_t[]> buf(new uint8_t[size]);
memcpy_P(buf.get(),data, size);
return loadObject(type, buf.get(), size);
}
bool loadObject(int type, const uint8_t* data, size_t size) bool loadObject(int type, const uint8_t* data, size_t size)
{ {
int rc = ssl_obj_memory_load(_ssl_ctx, type, data, static_cast<int>(size), nullptr); int rc = ssl_obj_memory_load(_ssl_ctx, type, data, static_cast<int>(size), nullptr);
@ -587,6 +595,33 @@ bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size); return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);
} }
bool WiFiClientSecure::setCACert_P(PGM_VOID_P pk, size_t size)
{
if (!_ssl) {
_ssl = new SSLContext;
_ssl->ref();
}
return _ssl->loadObject_P(SSL_OBJ_X509_CACERT, pk, size);
}
bool WiFiClientSecure::setCertificate_P(PGM_VOID_P pk, size_t size)
{
if (!_ssl) {
_ssl = new SSLContext;
_ssl->ref();
}
return _ssl->loadObject_P(SSL_OBJ_X509_CERT, pk, size);
}
bool WiFiClientSecure::setPrivateKey_P(PGM_VOID_P pk, size_t size)
{
if (!_ssl) {
_ssl = new SSLContext;
_ssl->ref();
}
return _ssl->loadObject_P(SSL_OBJ_RSA_KEY, pk, size);
}
bool WiFiClientSecure::loadCACert(Stream& stream, size_t size) bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
{ {
if (!_ssl) { if (!_ssl) {

4
libraries/ESP8266WiFi/src/WiFiClientSecure.h
View File

@ -54,6 +54,10 @@ public:
bool setCertificate(const uint8_t* pk, size_t size); bool setCertificate(const uint8_t* pk, size_t size);
bool setPrivateKey(const uint8_t* pk, size_t size); bool setPrivateKey(const uint8_t* pk, size_t size);
bool setCACert_P(PGM_VOID_P pk, size_t size);
bool setCertificate_P(PGM_VOID_P pk, size_t size);
bool setPrivateKey_P(PGM_VOID_P pk, size_t size);
bool loadCACert(Stream& stream, size_t size); bool loadCACert(Stream& stream, size_t size);
bool loadCertificate(Stream& stream, size_t size); bool loadCertificate(Stream& stream, size_t size);
bool loadPrivateKey(Stream& stream, size_t size); bool loadPrivateKey(Stream& stream, size_t size);