Adds SSL server mode for WiFiServerSecure, for plain SSL connections,
ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for
encrypted OTA updates.
Example code is provided for all new options, as well as a BASH script for
generating their own, self-signed certificates.
Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure
password-based authentication. HTTP Basic Authentication, the only supported
model presently, sends the username and password in *cleartext* and therefore
should *never* be used in any un-SSL encrypted channel unless you don't mind
sharing your login and password with anyone else on the internet. Even if the
ESP8266 is not safety critical, this cleartext broadcast could expose you should
you reuse this password elsewhere on your network or the internet.
* Make HTTP server test data easier to examine
* Add HTTP server parameter tests containing & and =
* Fix URL parameter decoding in web server
The parameters string needs to be first split on & and =, and URL
decoding on parts done after that. Otherwise URL encoded & and = within
parameter names and values cause incorrect splitting.
* Added constant time strings comparison to avoid possible time-based attacks
* Fixed data types
* Fixed indentation
* Moved string comnparison in constant time to String class; modified function body to assure constant time comparison despite compiler optimizations
* Removed wrong code
* Fixed error and prevented compiler optimization to delete u1 local variable
* Avoid timing attacks on string comparison
* Minor
* changed counter names, removed else
* Add Digest Auth
* Check for Opaque and Nonce
* Remove Serial Debug and fix Indentation
* Added example sketch with documentation,Fixed indentation and Defaults
* Digest Authentication minor changes + new padded 32 digit random function
* update license to public domain
* renaming functions
The extension -> MIME type routine uses lots of constant strings which end
up in the RODATA segment of RAM. Refactor the comparison to use a table of
strings stored in PMMEM instead, freeing ~370 bytes for the heap.
* Suppressed -Wunused-parameter and -Wunused-function by casting to void unused identifiers.
* Explicit initialization of all fields to suppress -Wmissing-field-initializers.
* Fixed signed/unsigned integer comparison.
* memset initialization of structs.
* More -Wunused-parameter fixes.
* WiFiClient: use DataSource for writes
* ESP8266WebServer: delegate writing to WiFiClient
* ESP8266WebServer: set write timeout before sending content
Fix handling of case when Content-Length is 0.
Change do {} while() loop into while(){} so that we don't wait 1000ms for data in case Content-Length is 0.
Also fix handling of cases when malloc or realloc return null.
If there is a delay before data becomes available on a new connection
then the handler function blocks for up to 1 second, and there's another
wait on connection close for up to 2 seconds.
This doesn't make the whole server process asynchronous (there is another
delay between headers/data) but it helps when there are other events
that need attention while handling web requests.
This is needed since when the content-length header is not sent the clients will
wait for data anyways. Sending a content length of zero will tell the client not
to expect any content and it will close the connection immediately.
