The server needs to load an X509 and RSA key, but instead of using
the existing loadObject() calls implemented its own. Remove them and
use the standard ones instead.
The DEBUG_OUTPUT macro was undefined in the SSL Web server. Add it
in do that when you compile with DEBUG=HTTP_SERVER it actually compiles.
The certificate fingerprint included with the HTTPSRequest example seems
to be for an expired api.github.com certificate. Replace with the current
one to avoid reporting "certificate mismatch" errors when running.
When building using the new NDEBUG option recently added, the assert()
macro is defined to nothing. This leaves a few variables unused in the
WiFi stack causing compiler warnings. Add in empty casts to remove
these warnings. Does not affect actual assert use when NDEBUG is not
defined.
Adds SSL server mode for WiFiServerSecure, for plain SSL connections,
ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for
encrypted OTA updates.
Example code is provided for all new options, as well as a BASH script for
generating their own, self-signed certificates.
Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure
password-based authentication. HTTP Basic Authentication, the only supported
model presently, sends the username and password in *cleartext* and therefore
should *never* be used in any un-SSL encrypted channel unless you don't mind
sharing your login and password with anyone else on the internet. Even if the
ESP8266 is not safety critical, this cleartext broadcast could expose you should
you reuse this password elsewhere on your network or the internet.
* lib/Ticker: add bool active()
Makes it easier to self detach, and check if a timer is still operating.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
* Code cleanup Ticker.cpp
* Make HTTP server test data easier to examine
* Add HTTP server parameter tests containing & and =
* Fix URL parameter decoding in web server
The parameters string needs to be first split on & and =, and URL
decoding on parts done after that. Otherwise URL encoded & and = within
parameter names and values cause incorrect splitting.
axTLS does not correctly implement max_fragment_length extension. This
causes servers which understand this extension (currently GnuTLS- and
WolfSSL-based) to reject the client hello.
Until this is fixed in axTLS, remove the call to enable this extension
from WiFiClientSecure.
Fixes https://github.com/esp8266/Arduino/issues/3932.
* WiFiClientSecure: use _timeout setting when connecting
This timeout value can be customized via a call to setTimeout function.
Closes https://github.com/esp8266/Arduino/issues/3944.
* WiFiClientSecure: increase default connection timeout to 15 sec
* WiFiClientSecure: don't decrypt when testing for 'connected'
* WiFiClientSecure: don't trash unread decrypted data when writing
When application requests to write data, check if there is any unread
decrypted data left. If there is, don't write immediately, but save the
data to be written. When all decrypted data has been consumed by the
application, send out the saved outgoing data.
Fixes https://github.com/esp8266/Arduino/issues/2256.
