From 85e2ffffe1af06e9810c2b299621e4c91f119c93 Mon Sep 17 00:00:00 2001
From: Paulo Cabral Sanz
Date: Mon, 18 Jan 2021 16:59:20 -0300
Subject: [PATCH] Allow users to inherit and override CertStore (#7827)
Make installCertStore virtual so we can inherit from CertStore and override it Create CertStoreBase to inherit from
---
 libraries/ESP8266WiFi/src/CertStoreBearSSL.h | 10 +++++++++-
 libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h | 6 +++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/libraries/ESP8266WiFi/src/CertStoreBearSSL.h b/libraries/ESP8266WiFi/src/CertStoreBearSSL.h
index dcfcb3465..51dcb0755 100644
--- a/libraries/ESP8266WiFi/src/CertStoreBearSSL.h
+++ b/libraries/ESP8266WiFi/src/CertStoreBearSSL.h
@@ -31,7 +31,15 @@ namespace BearSSL {
-class CertStore {
+class CertStoreBase {
+ public:
+ virtual ~CertStoreBase() {}
+
+ // Installs the cert store into the X509 decoder (normally via static function callbacks)
+ virtual void installCertStore(br_x509_minimal_context *ctx) = 0;
+};
+
+class CertStore: public CertStoreBase {
 public:
 CertStore() { };
 ~CertStore();
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
index 858f573e2..55c366075 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
@@ -110,7 +110,7 @@ class WiFiClientSecureCtx : public WiFiClient {
 int getLastSSLError(char *dest = NULL, size_t len = 0);
 // Attach a preconfigured certificate store
- void setCertStore(CertStore *certStore) {
+ void setCertStore(CertStoreBase *certStore) {
 _certStore = certStore;
 }
@@ -140,7 +140,7 @@ class WiFiClientSecureCtx : public WiFiClient {
 std::shared_ptr _iobuf_out;
 time_t _now;
 const X509List *_ta;
- CertStore *_certStore;
+ CertStoreBase *_certStore;
 int _iobuf_in_size;
 int _iobuf_out_size;
 bool _handshake_done;
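Review bot: The comment on the new pure virtual `installCertStore` in `CertStoreBase` does not state what an override has to guarantee, although this method is now the point where a user-supplied class decides which trust anchors the X509 decoder will accept. I would extend the comment to say that an implementation must register its trust-anchor lookup on `ctx`, and that the store object presumably has to stay alive for as long as `ctx` is in use, since installation works through callbacks (inferred from the existing comment; the call site is outside this patch). Separately, `CertStore` now overrides the base destructor without saying so: `~CertStore() override;`, plus `override` on its own `installCertStore` declaration, would let the compiler reject a signature that silently stops matching the base. That declaration and the rest of the `CertStore` body lie outside the hunk.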
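Review bot: `WiFiClientSecureCtx::setCertStore` keeps the raw `CertStoreBase *` in `_certStore` without taking ownership, and now that user-defined stores are accepted the comment above it should state the lifetime rule: `// Attach a preconfigured certificate store; not owned, must outlive this client`. A store destroyed while the client still holds the pointer would leave `_certStore` dangling at its next use, which happens outside this patch. The same one-line comment fits `WiFiClientSecure::setCertStore` in the hunk at line 274, which only forwards the pointer to `_ctx`. Both classes continue outside their hunks.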
@@ -274,7 +274,7 @@ class WiFiClientSecure : public WiFiClient {
 int getLastSSLError(char *dest = NULL, size_t len = 0) { return _ctx->getLastSSLError(dest, len); }
 // Attach a preconfigured certificate store
- void setCertStore(CertStore *certStore) { _ctx->setCertStore(certStore); }
+ void setCertStore(CertStoreBase *certStore) { _ctx->setCertStore(certStore); }
 // Select specific ciphers (i.e. optimize for speed over security)
 // These may be in PROGMEM or RAM, either will run properly