Deprecate axTLS, update examples (#5366)

* update examples * fix serial<->tcp example, use STASSID instead of SSID (name collision) * fix HTTPSRequest.ino * update AxTLS HTTPS examples, update AxTLS API to deprecated * fixes * fixes + fix astyle (no preproc directives) + restyling script * fix HTTPClient library * fixes * common.sh: do not reload arduino when already present (for locally CI testing) * common.sh: do not reload ArduinoJson when already present (for locally CI testing) * fix * fix * fix deprecated example * fix WiFiHTTPSServer.ino * reduce footprint * wipfix * fix led builtin * fix example * finished updating APSSID on all examples * style * restyle examples * helper to run CI test locally * local CI runner more verbose * +const * deprecation deprecation * deprecation * Update NTPClient.ino const char[] => const char * * Update interactive.ino const char[] => const char *
2025-06-29 16:03:14 +03:00 · 2018-11-30 05:49:27 +01:00
parent 8f28c88f9c
commit 92373a9837
70 changed files with 888 additions and 296 deletions
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.h
@ -20,8 +20,27 @@

 */

+//#include "WiFiClientSecureAxTLS.h"
+//using namespace axTLS;
+
+/**********************************
+ * !! Now BearSSL is the default !!
+ *
+ * While not advised,
+ * Use legacy API without updating with:
+ *
+#define USING_AXTLS
+#include <ESP8266WiFi.h>
+//#include <WiFiClientSecure.h>
 #include "WiFiClientSecureAxTLS.h"
+using namespace axTLS;
+ *
+ *
+ **********************************/
+
 #include "WiFiClientSecureBearSSL.h"

-using namespace axTLS;
-// using namespace BearSSL;
+#ifndef USING_AXTLS
+// do not default to BearSSL API ("using" has no "unusing" counterpart)
+using namespace BearSSL;
+#endif
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h
@ -32,7 +32,7 @@ class SSLContext;

 class WiFiClientSecure : public WiFiClient {
 public:
-  WiFiClientSecure();
+  WiFiClientSecure() __attribute__((deprecated("Upgrade to BearSSL is advised, check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99")));
  ~WiFiClientSecure() override;

  int connect(CONST IPAddress& ip, uint16_t port) override;
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@ -1346,7 +1346,10 @@ bool WiFiClientSecure::loadCACert(Stream& stream, size_t size) {
  uint8_t *dest = _streamLoad(stream, size);
  bool ret = false;
  if (dest) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
    ret = setCACert(dest, size);
+#pragma GCC diagnostic pop
  }
  free(dest);
  return ret;
@ -1356,7 +1359,10 @@ bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size) {
  uint8_t *dest = _streamLoad(stream, size);
  bool ret = false;
  if (dest) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
    ret = setCertificate(dest, size);
+#pragma GCC diagnostic pop
  }
  free(dest);
  return ret;
@ -1366,7 +1372,10 @@ bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size) {
  uint8_t *dest = _streamLoad(stream, size);
  bool ret = false;
  if (dest) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
    ret = setPrivateKey(dest, size);
+#pragma GCC diagnostic pop
  }
  free(dest);
  return ret;
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
@ -121,21 +121,38 @@ class WiFiClientSecure : public WiFiClient {
    static bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len);
    static bool probeMaxFragmentLength(const String& host, uint16_t port, uint16_t len);

-    // AXTLS compatible wrappers
-    // Cannot implement this mode, we need FP before we can connect: bool verify(const char* fingerprint, const char* domain_name)
-    bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake
+    ////////////////////////////////////////////////////
+    // AxTLS API deprecated warnings to help upgrading

-    bool setCACert(const uint8_t* pk, size_t size);
-    bool setCertificate(const uint8_t* pk, size_t size);
-    bool setPrivateKey(const uint8_t* pk, size_t size);
+    #define AXTLS_DEPRECATED \
+      __attribute__((deprecated( \
+        "This is deprecated AxTLS API, " \
+        "check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99")))

-    bool setCACert_P(PGM_VOID_P pk, size_t size) { return setCACert((const uint8_t *)pk, size); }
-    bool setCertificate_P(PGM_VOID_P pk, size_t size) { return setCertificate((const uint8_t *)pk, size); }
-    bool setPrivateKey_P(PGM_VOID_P pk, size_t size) { return setPrivateKey((const uint8_t *)pk, size); }
+    bool setCACert(const uint8_t* pk, size_t size)      AXTLS_DEPRECATED;
+    bool setCertificate(const uint8_t* pk, size_t size) AXTLS_DEPRECATED;
+    bool setPrivateKey(const uint8_t* pk, size_t size)  AXTLS_DEPRECATED;

-    bool loadCACert(Stream& stream, size_t size);
-    bool loadCertificate(Stream& stream, size_t size);
-    bool loadPrivateKey(Stream& stream, size_t size);
+    bool loadCACert(Stream& stream, size_t size)        AXTLS_DEPRECATED;
+    bool loadCertificate(Stream& stream, size_t size)   AXTLS_DEPRECATED;
+    bool loadPrivateKey(Stream& stream, size_t size)    AXTLS_DEPRECATED;
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
+
+    bool setCACert_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
+      return setCACert((const uint8_t *)pk, size);
+    }
+
+    bool setCertificate_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
+      return setCertificate((const uint8_t *)pk, size);
+    }
+
+    bool setPrivateKey_P(PGM_VOID_P pk, size_t size) AXTLS_DEPRECATED {
+      return setPrivateKey((const uint8_t *)pk, size);
+    }
+
+#pragma GCC diagnostic pop

    template<typename TFile>
    bool loadCertificate(TFile& file) {
@ -152,6 +169,20 @@ class WiFiClientSecure : public WiFiClient {
      return loadCACert(file, file.size());
    }

+    bool verify(const char* fingerprint, const char* domain_name) AXTLS_DEPRECATED {
+      (void)fingerprint;
+      (void)domain_name;
+      return connected();
+    }
+
+    bool verifyCertChain(const char* domain_name) AXTLS_DEPRECATED {
+      (void)domain_name;
+      return connected();
+    }
+
+    // AxTLS API deprecated section end
+    /////////////////////////////////////
+
  private:
    void _clear();
    void _clearAuthenticationSettings();
--- a/libraries/ESP8266WiFi/src/WiFiServerSecure.h
+++ b/libraries/ESP8266WiFi/src/WiFiServerSecure.h
@ -17,5 +17,7 @@
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

-#include "WiFiServerSecureAxTLS.h"
+#include <WiFiClientSecure.h>
+
+//#include "WiFiServerSecureAxTLS.h"
 #include "WiFiServerSecureBearSSL.h"
--- a/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp
@ -34,7 +34,8 @@ extern "C" {
 #include "lwip/tcp.h"
 #include "lwip/inet.h"
 #include "include/ClientContext.h"
-#include "WiFiServerSecure.h"
+#include "WiFiClientSecureAxTLS.h"
+#include "WiFiServerSecureAxTLS.h"


 namespace axTLS {
@ -77,7 +78,10 @@ WiFiClientSecure WiFiServerSecure::available(uint8_t* status)
    }

    optimistic_yield(1000);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
    return WiFiClientSecure();
+#pragma GCC diagnostic pop
 }

 };
--- a/libraries/ESP8266WiFi/src/include/SSLContext.h
+++ b/libraries/ESP8266WiFi/src/include/SSLContext.h
@ -38,6 +38,7 @@ extern "C"
 #include "lwip/inet.h"
 #include "lwip/netif.h"
 #include <include/ClientContext.h>
+#include <WiFiClientSecureAxTLS.h>
 #include "c_types.h"

 namespace axTLS {