Add SSL enabled WiFiServer, Updater, WebServer

Adds SSL server mode for WiFiServerSecure, for plain SSL connections, ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for encrypted OTA updates. Example code is provided for all new options, as well as a BASH script for generating their own, self-signed certificates. Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure password-based authentication. HTTP Basic Authentication, the only supported model presently, sends the username and password in *cleartext* and therefore should *never* be used in any un-SSL encrypted channel unless you don't mind sharing your login and password with anyone else on the internet. Even if the ESP8266 is not safety critical, this cleartext broadcast could expose you should you reuse this password elsewhere on your network or the internet.
2025-06-12 01:53:07 +03:00 · 2017-02-27 20:17:04 -08:00
parent 8765da258b
commit bd1c7ce1dc
17 changed files with 1049 additions and 29 deletions
--- a/libraries/ESP8266WebServer/examples/HelloServerSecure/HelloServerSecure.ino
+++ b/libraries/ESP8266WebServer/examples/HelloServerSecure/HelloServerSecure.ino
@ -0,0 +1,179 @@
+/*
+  HelloServerSecure - Simple HTTPS server example
+
+  This example demonstrates a basic ESP8266WebServerSecure HTTPS server
+  that can serve "/" and "/inline" and generate detailed 404 (not found)
+  HTTP respoinses.  Be sure to update the SSID and PASSWORD before running
+  to allow connection to your WiFi network.
+
+  IMPORTANT NOTES ABOUT SSL CERTIFICATES
+
+  1. USE/GENERATE YOUR OWN CERTIFICATES
+    While a sample, self-signed certificate is included in this example,
+    it is ABSOLUTELY VITAL that you use your own SSL certificate in any
+    real-world deployment.  Anyone with the certificate and key may be
+    able to decrypt your traffic, so your own keys should be kept in a
+    safe manner, not accessible on any public network.
+
+  2. HOW TO GENERATE YOUR OWN CERTIFICATE/KEY PAIR
+    A sample script, "make-self-signed-cert.sh" is provided in the
+    ESP8266WiFi/examples/WiFiHTTPSServer directory.  This script can be
+    modified (replace "your-name-here" with your Organization name).  Note
+    that this will be a *self-signed certificate* and will *NOT* be accepted
+    by default by most modern browsers.  They'll display something like,
+    "This certificate is from an untrusted source," or "Your connection is
+    not secure," or "Your connection is not private," and the user will
+    have to manully allow the browser to continue by using the
+    "Advanced/Add Exception" (FireFox) or "Advanced/Proceed" (Chrome) link.
+
+    You may also, of course, use a commercial, trusted SSL provider to
+    generate your certificate.  When requesting the certificate, you'll
+    need to specify that it use SHA256 and 1024 or 512 bits in order to
+    function with the axTLS implementation in the ESP8266.
+
+  Interactive usage:
+    Go to https://esp8266-webupdate.local/firmware, enter the username
+    and password, and the select a new BIN to upload.
+
+  To upload through terminal you can use:
+  curl -u admin:admin -F "image=@firmware.bin" esp8266-webupdate.local/firmware
+
+  Adapted by Earle F. Philhower, III, from the HelloServer.ino example.
+  This example is released into the public domain.
+*/
+#include <ESP8266WiFi.h>
+#include <WiFiClient.h>
+#include <ESP8266WebServerSecure.h>
+#include <ESP8266mDNS.h>
+
+const char* ssid = "........";
+const char* password = "........";
+
+ESP8266WebServerSecure server(443);
+
+// The certificate is stored in PMEM 
+static const uint8_t x509[] PROGMEM = {
+  0x30, 0x82, 0x01, 0x3d, 0x30, 0x81, 0xe8, 0x02, 0x09, 0x00, 0xfe, 0x56,
+  0x46, 0xf2, 0x78, 0xc6, 0x51, 0x17, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x26, 0x31,
+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x53,
+  0x50, 0x38, 0x32, 0x36, 0x36, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+  0x04, 0x03, 0x0c, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e,
+  0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x33, 0x31, 0x38, 0x31,
+  0x34, 0x34, 0x39, 0x31, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x30, 0x31, 0x31,
+  0x32, 0x35, 0x31, 0x34, 0x34, 0x39, 0x31, 0x38, 0x5a, 0x30, 0x26, 0x31,
+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x45, 0x53,
+  0x50, 0x38, 0x32, 0x36, 0x36, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+  0x04, 0x03, 0x0c, 0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e,
+  0x31, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02,
+  0x41, 0x00, 0xc6, 0x72, 0x6c, 0x12, 0xe1, 0x20, 0x4d, 0x10, 0x0c, 0xf7,
+  0x3a, 0x2a, 0x5a, 0x49, 0xe2, 0x2d, 0xc9, 0x7a, 0x63, 0x1d, 0xef, 0xc6,
+  0xbb, 0xa3, 0xd6, 0x6f, 0x59, 0xcb, 0xd5, 0xf6, 0xbe, 0x34, 0x83, 0x33,
+  0x50, 0x80, 0xec, 0x49, 0x63, 0xbf, 0xee, 0x59, 0x94, 0x67, 0x8b, 0x8d,
+  0x81, 0x85, 0x23, 0x24, 0x06, 0x52, 0x76, 0x55, 0x9d, 0x18, 0x09, 0xb3,
+  0x3c, 0x10, 0x40, 0x05, 0x01, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30,
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+  0x05, 0x00, 0x03, 0x41, 0x00, 0x69, 0xdc, 0x6c, 0x9b, 0xa7, 0x62, 0x57,
+  0x7e, 0x03, 0x01, 0x45, 0xad, 0x9a, 0x83, 0x90, 0x3a, 0xe7, 0xdf, 0xe8,
+  0x8f, 0x46, 0x00, 0xd3, 0x5f, 0x2b, 0x0a, 0xde, 0x92, 0x1b, 0xc5, 0x04,
+  0xc5, 0xc0, 0x76, 0xf4, 0xf6, 0x08, 0x36, 0x97, 0x27, 0x82, 0xf1, 0x60,
+  0x76, 0xc2, 0xcd, 0x67, 0x6c, 0x4b, 0x6c, 0xca, 0xfd, 0x97, 0xfd, 0x33,
+  0x9e, 0x12, 0x67, 0x6b, 0x98, 0x7e, 0xd5, 0x80, 0x8f
+};
+
+// And so is the key.  These could also be in DRAM
+static const uint8_t rsakey[] PROGMEM = {
+  0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xc6, 0x72,
+  0x6c, 0x12, 0xe1, 0x20, 0x4d, 0x10, 0x0c, 0xf7, 0x3a, 0x2a, 0x5a, 0x49,
+  0xe2, 0x2d, 0xc9, 0x7a, 0x63, 0x1d, 0xef, 0xc6, 0xbb, 0xa3, 0xd6, 0x6f,
+  0x59, 0xcb, 0xd5, 0xf6, 0xbe, 0x34, 0x83, 0x33, 0x50, 0x80, 0xec, 0x49,
+  0x63, 0xbf, 0xee, 0x59, 0x94, 0x67, 0x8b, 0x8d, 0x81, 0x85, 0x23, 0x24,
+  0x06, 0x52, 0x76, 0x55, 0x9d, 0x18, 0x09, 0xb3, 0x3c, 0x10, 0x40, 0x05,
+  0x01, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x35, 0x0b, 0x74,
+  0xd3, 0xff, 0x15, 0x51, 0x44, 0x0f, 0x13, 0x2e, 0x9b, 0x0f, 0x93, 0x5c,
+  0x3f, 0xfc, 0xf1, 0x17, 0xf9, 0x72, 0x94, 0x5e, 0xa7, 0xc6, 0xb3, 0xf0,
+  0xfe, 0xc9, 0x6c, 0xb1, 0x1e, 0x83, 0xb3, 0xc6, 0x45, 0x3a, 0x25, 0x60,
+  0x7c, 0x3d, 0x92, 0x7d, 0x53, 0xec, 0x49, 0x8d, 0xb5, 0x45, 0x10, 0x99,
+  0x9b, 0xc6, 0x22, 0x3a, 0x68, 0xc7, 0x13, 0x4e, 0xb6, 0x04, 0x61, 0x21,
+  0x01, 0x02, 0x21, 0x00, 0xea, 0x8c, 0x21, 0xd4, 0x7f, 0x3f, 0xb6, 0x91,
+  0xfa, 0xf8, 0xb9, 0x2d, 0xcb, 0x36, 0x36, 0x02, 0x5f, 0xf0, 0x0c, 0x6e,
+  0x87, 0xaa, 0x5c, 0x14, 0xf6, 0x56, 0x8e, 0x12, 0x92, 0x25, 0xde, 0xb3,
+  0x02, 0x21, 0x00, 0xd8, 0x99, 0x01, 0xf1, 0x04, 0x0b, 0x98, 0xa3, 0x71,
+  0x56, 0x1d, 0xea, 0x6f, 0x45, 0xd1, 0x36, 0x70, 0x76, 0x8b, 0xab, 0x69,
+  0x30, 0x58, 0x9c, 0xe0, 0x45, 0x97, 0xe7, 0xb6, 0xb5, 0xef, 0xc1, 0x02,
+  0x21, 0x00, 0xa2, 0x01, 0x06, 0xc0, 0xf2, 0xdf, 0xbc, 0x28, 0x1a, 0xb4,
+  0xbf, 0x9b, 0x5c, 0xd8, 0x65, 0xf7, 0xbf, 0xf2, 0x5b, 0x73, 0xe0, 0xeb,
+  0x0f, 0xcd, 0x3e, 0xd5, 0x4c, 0x2e, 0x91, 0x99, 0xec, 0xb7, 0x02, 0x20,
+  0x4b, 0x9d, 0x46, 0xd7, 0x3c, 0x01, 0x4c, 0x5d, 0x2a, 0xb0, 0xd4, 0xaa,
+  0xc6, 0x03, 0xca, 0xa0, 0xc5, 0xac, 0x2c, 0xe0, 0x3f, 0x4d, 0x98, 0x71,
+  0xd3, 0xbd, 0x97, 0xe5, 0x55, 0x9c, 0xb8, 0x41, 0x02, 0x20, 0x02, 0x42,
+  0x9f, 0xd1, 0x06, 0x35, 0x3b, 0x42, 0xf5, 0x64, 0xaf, 0x6d, 0xbf, 0xcd,
+  0x2c, 0x3a, 0xcd, 0x0a, 0x9a, 0x4d, 0x7c, 0xad, 0x29, 0xd6, 0x36, 0x57,
+  0xd5, 0xdf, 0x34, 0xeb, 0x26, 0x03
+};
+
+const int led = 13;
+
+void handleRoot() {
+  digitalWrite(led, 1);
+  server.send(200, "text/plain", "Hello from esp8266 over HTTPS!");
+  digitalWrite(led, 0);
+}
+
+void handleNotFound(){
+  digitalWrite(led, 1);
+  String message = "File Not Found\n\n";
+  message += "URI: ";
+  message += server.uri();
+  message += "\nMethod: ";
+  message += (server.method() == HTTP_GET)?"GET":"POST";
+  message += "\nArguments: ";
+  message += server.args();
+  message += "\n";
+  for (uint8_t i=0; i<server.args(); i++){
+    message += " " + server.argName(i) + ": " + server.arg(i) + "\n";
+  }
+  server.send(404, "text/plain", message);
+  digitalWrite(led, 0);
+}
+
+void setup(void){
+  pinMode(led, OUTPUT);
+  digitalWrite(led, 0);
+  Serial.begin(115200);
+  WiFi.begin(ssid, password);
+  Serial.println("");
+
+  // Wait for connection
+  while (WiFi.status() != WL_CONNECTED) {
+    delay(500);
+    Serial.print(".");
+  }
+  Serial.println("");
+  Serial.print("Connected to ");
+  Serial.println(ssid);
+  Serial.print("IP address: ");
+  Serial.println(WiFi.localIP());
+
+  if (MDNS.begin("esp8266")) {
+    Serial.println("MDNS responder started");
+  }
+
+  server.setServerKeyAndCert_P(rsakey, sizeof(rsakey), x509, sizeof(x509));
+
+  server.on("/", handleRoot);
+
+  server.on("/inline", [](){
+    server.send(200, "text/plain", "this works as well");
+  });
+
+  server.onNotFound(handleNotFound);
+
+  server.begin();
+  Serial.println("HTTPS server started");
+}
+
+void loop(void){
+  server.handleClient();
+}
--- a/libraries/ESP8266WebServer/keywords.txt
+++ b/libraries/ESP8266WebServer/keywords.txt
@ -7,6 +7,7 @@
 #######################################

 ESP8266WebServer	KEYWORD1
+ESP8266WebServerSecure	KEYWORD1
 HTTPMethod	KEYWORD1

 #######################################
--- a/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp
+++ b/libraries/ESP8266WebServer/src/ESP8266WebServer.cpp
@ -282,7 +282,8 @@ void ESP8266WebServer::handleClient() {
  if (_currentClient.connected()) {
    switch (_currentStatus) {
    case HC_NONE:
-        break;
+      // No-op to avoid C++ compiler warning
+      break;
    case HC_WAIT_READ:
      // Wait for data from client to become available
      if (_currentClient.available()) {
@ -384,7 +385,7 @@ void ESP8266WebServer::send(int code, const char* content_type, const String& co
    //if(code == 200 && content.length() == 0 && _contentLength == CONTENT_LENGTH_NOT_SET)
    //  _contentLength = CONTENT_LENGTH_UNKNOWN;
    _prepareHeader(header, code, content_type, content.length());
-    _currentClient.write(header.c_str(), header.length());
+    _currentClientWrite(header.c_str(), header.length());
    if(content.length())
      sendContent(content);
 }
@ -400,7 +401,7 @@ void ESP8266WebServer::send_P(int code, PGM_P content_type, PGM_P content) {
    char type[64];
    memccpy_P((void*)type, (PGM_VOID_P)content_type, 0, sizeof(type));
    _prepareHeader(header, code, (const char* )type, contentLength);
-    _currentClient.write(header.c_str(), header.length());
+    _currentClientWrite(header.c_str(), header.length());
    sendContent_P(content);
 }

@ -428,11 +429,11 @@ void ESP8266WebServer::sendContent(const String& content) {
    char * chunkSize = (char *)malloc(11);
    if(chunkSize){
      sprintf(chunkSize, "%x%s", len, footer);
-      _currentClient.write(chunkSize, strlen(chunkSize));
+      _currentClientWrite(chunkSize, strlen(chunkSize));
      free(chunkSize);
    }
  }
-  _currentClient.write(content.c_str(), len);
+  _currentClientWrite(content.c_str(), len);
  if(_chunked){
    _currentClient.write(footer, 2);
    if (len == 0) {
@ -451,11 +452,11 @@ void ESP8266WebServer::sendContent_P(PGM_P content, size_t size) {
    char * chunkSize = (char *)malloc(11);
    if(chunkSize){
      sprintf(chunkSize, "%x%s", size, footer);
-      _currentClient.write(chunkSize, strlen(chunkSize));
+      _currentClientWrite(chunkSize, strlen(chunkSize));
      free(chunkSize);
    }
  }
-  _currentClient.write_P(content, size);
+  _currentClientWrite_P(content, size);
  if(_chunked){
    _currentClient.write(footer, 2);
    if (size == 0) {
--- a/libraries/ESP8266WebServer/src/ESP8266WebServer.h
+++ b/libraries/ESP8266WebServer/src/ESP8266WebServer.h
@ -71,12 +71,12 @@ class ESP8266WebServer
 public:
  ESP8266WebServer(IPAddress addr, int port = 80);
  ESP8266WebServer(int port = 80);
-  ~ESP8266WebServer();
+  virtual ~ESP8266WebServer();

-  void begin();
-  void handleClient();
+  virtual void begin();
+  virtual void handleClient();

-  void close();
+  virtual void close();
  void stop();

  bool authenticate(const char * username, const char * password);
@ -93,7 +93,7 @@ public:

  String uri() { return _currentUri; }
  HTTPMethod method() { return _currentMethod; }
-  WiFiClient client() { return _currentClient; }
+  virtual WiFiClient client() { return _currentClient; }
  HTTPUpload& upload() { return *_currentUpload; }

  String arg(String name);        // get request argument value by name
@ -140,6 +140,8 @@ template<typename T> size_t streamFile(T &file, const String& contentType){
 }

 protected:
+  virtual size_t _currentClientWrite(const char* b, size_t l) { return _currentClient.write( b, l ); }
+  virtual size_t _currentClientWrite_P(PGM_P b, size_t l) { return _currentClient.write_P( b, l ); }
  void _addRequestHandler(RequestHandler* handler);
  void _handleRequest();
  void _finalizeResponse();
--- a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.cpp
+++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.cpp
@ -0,0 +1,140 @@
+/*
+  ESP8266WebServerSecure.cpp - Dead simple HTTPS web-server.
+  Supports only one simultaneous client, knows how to handle GET and POST.
+
+  Copyright (c) 2017 Earle F. Philhower, III. All rights reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  Modified 8 May 2015 by Hristo Gochkov (proper post and file upload handling)
+*/
+
+
+#include <Arduino.h>
+#include <libb64/cencode.h>
+#include "WiFiServer.h"
+#include "WiFiClient.h"
+#include "ESP8266WebServerSecure.h"
+
+
+ESP8266WebServerSecure::ESP8266WebServerSecure(IPAddress addr, int port) 
+: _serverSecure(addr, port)
+{
+}
+
+ESP8266WebServerSecure::ESP8266WebServerSecure(int port)
+: _serverSecure(port)
+{
+}
+
+void ESP8266WebServerSecure::setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen)
+{
+    _serverSecure.setServerKeyAndCert_P(key, keyLen, cert, certLen);
+}
+
+void ESP8266WebServerSecure::setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen)
+{
+    _serverSecure.setServerKeyAndCert(key, keyLen, cert, certLen);
+}
+
+ESP8266WebServerSecure::~ESP8266WebServerSecure() {
+  // Nothing to do here.
+  // Base class's destructor will be called to clean up itself
+}
+
+// We need to basically cut-n-paste these from WebServer because of the problem
+// of object slicing. The class uses assignment operators like "WiFiClient x=y;"
+// When this happens, even if "y" is a WiFiClientSecure, the main class is 
+// already compiled down into code which will only copy the WiFiClient superclass
+// and not the extra bits for our own class (since when it was compiled it needed
+// to know the size of memory to allocate on the stack for this local variable
+// there's not realy anything else it could do).
+
+void ESP8266WebServerSecure::begin() {
+  _currentStatus = HC_NONE;
+  _serverSecure.begin();
+  if(!_headerKeysCount)
+    collectHeaders(0, 0);
+}
+
+void ESP8266WebServerSecure::handleClient() {
+  if (_currentStatus == HC_NONE) {
+    WiFiClientSecure client = _serverSecure.available();
+    if (!client) {
+      return;
+    }
+
+#ifdef DEBUG_ESP_HTTP_SERVER
+    DEBUG_OUTPUT.println("New secure client");
+#endif
+
+    _currentClientSecure = client;
+    _currentStatus = HC_WAIT_READ;
+    _statusChange = millis();
+  }
+
+  bool keepCurrentClient = false;
+  bool callYield = false;
+
+  if (_currentClientSecure.connected()) {
+    switch (_currentStatus) {
+    case HC_NONE:
+      // No-op to avoid C++ compiler warning
+      break;
+    case HC_WAIT_READ:
+      // Wait for data from client to become available
+      if (_currentClientSecure.available()) {
+        if (_parseRequest(_currentClientSecure)) {
+          _currentClientSecure.setTimeout(HTTP_MAX_SEND_WAIT);
+          _contentLength = CONTENT_LENGTH_NOT_SET;
+          _handleRequest();
+
+          if (_currentClientSecure.connected()) {
+            _currentStatus = HC_WAIT_CLOSE;
+            _statusChange = millis();
+            keepCurrentClient = true;
+          }
+        }
+      } else { // !_currentClient.available()
+        if (millis() - _statusChange <= HTTP_MAX_DATA_WAIT) {
+          keepCurrentClient = true;
+        }
+        callYield = true;
+      }
+      break;
+    case HC_WAIT_CLOSE:
+      // Wait for client to close the connection
+      if (millis() - _statusChange <= HTTP_MAX_CLOSE_WAIT) {
+        keepCurrentClient = true;
+        callYield = true;
+      }
+    }
+  }
+
+  if (!keepCurrentClient) {
+    _currentClientSecure = WiFiClientSecure();
+    _currentStatus = HC_NONE;
+    _currentUpload.reset();
+  }
+
+  if (callYield) {
+    yield();
+  }
+}
+
+void ESP8266WebServerSecure::close() {
+  _currentClientSecure.stop();
+  _serverSecure.close();
+}
+
--- a/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h
+++ b/libraries/ESP8266WebServer/src/ESP8266WebServerSecure.h
@ -0,0 +1,55 @@
+/*
+  ESP8266WebServerSecure.h - Dead simple HTTPS web-server.
+  Supports only one simultaneous client, knows how to handle GET and POST.
+
+  Copyright (c) 2017 Earle F. Philhower, III. All rights reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+
+#ifndef ESP8266WEBSERVERSECURE_H
+#define ESP8266WEBSERVERSECURE_H
+
+#include <ESP8266WebServer.h>
+#include <WiFiServerSecure.h>
+
+class ESP8266WebServerSecure : public ESP8266WebServer
+{
+public:
+  ESP8266WebServerSecure(IPAddress addr, int port = 443);
+  ESP8266WebServerSecure(int port = 443);
+  virtual ~ESP8266WebServerSecure();
+
+  void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
+  void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
+
+  WiFiClient client() override { return _currentClientSecure; }
+
+  void begin() override;
+  void handleClient() override;
+  void close() override;
+
+private:
+  size_t _currentClientWrite (const char *bytes, size_t len) override { return _currentClientSecure.write((const uint8_t *)bytes, len); }
+  size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); }
+
+protected:
+  WiFiServerSecure _serverSecure;
+  WiFiClientSecure _currentClientSecure;
+};
+
+
+#endif //ESP8266WEBSERVERSECURE_H