BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created. Move them to the proper
namespace with the following mapping:
BearSSLX509List => BearSSL::X509List
BearSSLSession => BearSSL::Session
BearSSLPublicKey => BearSSL::PublicKey
BearSSLPrivateKey => BearSSL::PrivateKey
* update HTTPClient API usage
skip the second POST as end() has different semantics and nulls the client pointer
use bearssl in ssl tests
add delay in python side when shutting down http web server so MacOS does not complain about address already in use
* fix crash if GET/POST was called after end() without a new begin()
update double POST test to insure no crash if POST called after end()
test now are for both AxTLS and BearSSL
* fix small comment typo
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
* Removed unnecessary code
* Correcting bad fix for #5216
* Minor formatting to pass Travis tests
* Changed client * to std::unique_ptr<> client
* Updated example
Fix bug introduced by #5167 which replaced delay() by yield().
That should have been esp_yield() which is the one delay()
calls and is safe from either SYS or CONT contexts.
Fixes#5237.
* fix parseArgument
* remove recursion
* keep variable naming style consistent
* inviting Alexa
* fix alexa fix (well, trying...)
* fix pos substrings
key_end_pos--;
dont count down here, it will cut of every key by -1 ("save" will be "sav") (substring (end = up to, but not including, so no need to -1)
Parsing cpp L329
arg.value = urlDecode(data.substring(equal_index + 1, next_index - 1));
=> -1 is too less for substring (substring (end = up to, but not including, so no need to -1)
* alexa invite: add workaround for malformed x-www-form-urlencoded
* when !form, alway add content in key "plain"
* fix memleak
* parse arguments: use functors
* cleaning
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
Allow the unused stack to be reset to the check value at any time in
the application, allowing for delta-stack calculations to be done.
Add ESP.resetFreeContStack() class method for general use.
Add in some dumping in the BearSSL_Validation example to show the
usage for those that care.
* fwupdate
* fw update to latest version:
WPA working, WEP+Open disabled by default. Need API change.
* helpers to follow sdk updates
* remove compare scripts - made a separate PR for them
* add wep api, restore original espressif comment (wep enabled does not prevent wpa)
* libmain was not up to date
* experimental: DTIM setting in WiFi.setSleepMode(WIFI_LIGHT/MODEM_SLEEP, DTIM-value)
with new getter: .getListenInterval() / .isSleepLevelMax()
* fixes
* fix debug message
* when not using listenInterval, set wifi sleep level to min
* update documentation
* update doc
Make HTTPClient take a WiFiClient parameter, allowing you to pass in a
simple HTTP WiFiClient or a BearSSL or axTLS WiFiClientSecure with
any desired verification options. Deprecate the older, TLSTraits methods.
Add basic HttpsClient example.
Add optional LED feedback to the Update class
This speeds up the ESP8266WebServer::streamFile more than 3 times. Tested on streaming the 800+ Kb file from SD (FAT32), average time without a fix was 9000 ms, with the fix is 2600 ms (maximal possible SPI speed used), which is as fast as streaming the same file from internal SPIFFS. Hardware: WeMos D1 mini.
If the server returns several headers of the same key (e.g Set-Cookie) only the last one is returned, causing issues in communicating with some servers where cookies are required.
This change concatenates the headers of the same key separated by "," to alleviate this issue.
Print a warning when in debug mode when a BearSSL connection tries to
connect without having any defined authentication methods, since it will
fail.
Completely remove the empty axTLS compatibilty method
"::verify(char *fp, char *name)" because it can't be done w/BearSSL w/o
user code changes, and always failed. Better to have a compile failure
when we know at compile time the app won't do what is expected.
Completes the changes started by @d-a-v in PR #4833
Add a method allowing a user to send in a character string for the
fingerprint, like axTLS supported.
Implements part of PR #4833 from @d-a-v with changes requested in
discussion.
The BearSSL second stack, once allocated, was never deallocated. The
reference count of the stack pointer never hit 0 due to the initial
creation counting as one. Now, check to see if there is only one use_count
and if so then delete the stack.
SSL Sessions enable most of the SSL handshake to be skipped when both
client and server agree to use them. Add a BearSSLSession class and
an optional setting to the SSL client to enable this.
Note that SSL sessions are unrelated to HTTP sessions. They are
ephemeral and only relate to the SSL parameters, not anything at
the HTTP protocol level.
The cipher list count/pointer was cleared separately in the three
constructors available. Move this reset to _clear() to reduce code
duplication and keep the semantics.
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options. Enable the aes_ccm initialization in client/server
The EC mul20 and square20 code was identical in two different files,
but because these copies were static, we ended up with an extra 6k of
duplicated code. Updated BearSSL to make them shared, saving 6KB.
The cipher list values were not initialized to NULL appropriately for the
BearSSL::WiFiClientSecure() constructor called by the Server object.
This caused a crash as a random value was free'd when conecting to the
SSL server object.
ClientContext::_wait_for_sent() could dereference a TCP's _pcb after
the connection was dropped by the OS, resulting in a crash.
Move the connection dropped check to catch this case, and replace
a fixed millisecond delay() with a yield and timeout value to minimize
wasted time when transmission completes.
* - Add assert in HelloMesh.ino for invalid transmission status.
- Make uint64ToString and stringToUint64 methods into stand-alone type conversion functions.
- Add getters and setters for requestHandler and responseHandler.
- Polish HelloMesh.ino code by adding networkIndex as networkFilter loop variable and switching networkFilter definition position.
- Add initial WiFi.disconnect() in HelloMesh.ino setup() function to ensure smooth WiFi operation.
- Add latestTransmissionSuccessful() convenience method.
- Change default WiFi mode to WIFI_STA and improve handling of WiFi mode (fixes issue #5071).
- Add checks to methods that change AP properties to avoid unnecessary AP restarts.
- Add getter for ESP8266WiFiMesh SSID and getters and setters for ESP8266WiFiMesh settings related to hidden SSID usage, max station connections allowed per AP and WiFi timeouts.
- Make waitForClientTransmission method use more accurate timekeeping.
- Improve type usage.
- Improve comments.
- Update README.md, keywords.txt and library.properties.
* Make getter and setter order consistent throughout code.
* - Fix active AP getting turned off when calling begin().
- Fix crash bug due to WiFiServer duplication when using the ESP8266WiFiMesh copy constructor with the AP controller as argument, under certain circumstances.
* - Move non performance-sensitive Strings to flash memory to save RAM.
- Add comments explaining F(), FPSTR() and PROGMEM.
- Fix README.md formatting.
* Remove the uint64ToString and stringToUint64 methods from the ESP8266WiFiMesh class since they are now stand-alone functions in the TypeConversionFunctions files.
* Change the minimum valid argument value of the setMaxAPStations method to 0, since this value is also supported by the ESP8266.
* Fix compiler warning.
* Add full debug builds for all tests
In order to ensure the -DEBUG builds don't fail with checked-in code, add
two jobs which build even/odd with full debug flags to Travis.
Fixes#5143
* Add in dump of platform.txt to verify build options
* Fix BASH comparison of strings
* Fix debug-mode compile error in ESP8266AVRISP
* Add -Wextra to CI (matches IDE "All" warnings)
* Allow cipher specification for BearSSL
BearSSL has many more ciphers than axTLS, but they are more compute intensive
and slower. Add an option to use only the same, limited security, axTLS ciphers
as well as allow users to specify any suite of ciphers they want using standard
BearSSL formats.
Fixes#5110
* Rename methods to avoid axtls references.
* Allow std::vector to set a list of allowed ciphers
For C++ afficionados, allow std::vectors to be passed in to the setCipher()
routine.
The BearSSL object will now keep a copy of any set ciphers and free on object
destruction. These custom lists should normally only be 1-4 entries long, so it
is not expected to be a memory hog having this extra copy.
As part of the "clear connection configuration for reused objects"
patch, a ::stop would reset the self-signed, trust anchors, etc.
WiFiClient, unfortunately, calls ::stop as part of the connection
process, so all of these settings were lost.
Now only clear the connection settings on ::stop if we've already
been connected.
Also update the github public key which changed yet again.
Fixes#5086
