Reported in https://github.com/esp8266/Arduino/issues/4078.
WiFiClient::stopAll, called from a WiFi disconnected event handler,
could be called while WiFiClient::connect was in progress. This issue
was initially fixed in #4194, by testing `this` pointer for being
non-null in ClientContext::connect.
This change delegates deletion of ClientContext to WiFiClient
destructor. WiFiClient::stop only calls ClientContext::stop, which
closes/aborts the connection.
Use platform.local.txt to add -Werror to GCC for the build of all
code. Any warnings on a submitted patch will cause an error.
Several examples and libraries had warnings/errors (missing returns
on functions, types, etc.). Clean those up with this commit as well.
In issue #4350, @mongozmaki found that the web server was accessing a
deleted variable in the destructor. Implement his suggested change
and move the close() before any freeing. Could also have simply
NULL'd out the _currentHeaders member after freeing as well.
Fixes issue #4350
* Fix leak on multiple SSL server connections
Fixes #4302
The refcnt setup for the WiFiClientSecure's SSLContext and ClientContext
had issues in certain conditions, causing a massive memory leak on each
SSL server connection. Depending on the state of the machine, after two or
three connections it would OOM and crash.
This patch replaces most of the refcnt operations with C++11 shared_ptr
operations, cleaning up the code substantially and removing the leakage.
Also fixes a race condition where ClientContext was free'd before the SSLContext
was stopped/shutdown. When the SSLContext tried to do ssl_free, axtls would
attempt to send out the real SSL disconnect bits over the wire, however by
this time the ClientContext is invalid and it would fault.
* Separate client and server SSL_CTX, support both
Refactor to use a separate client SSL_CTX and server SSL_CTX. This
allows for separate certificates to be installed on each, and means
that you can now have both a *single* client and a *single* server
running in parallel at the same time, as they'll have separate memory
areas.
Tested using mqtt_esp8266 SSL client with a client certificate and a
WebServerSecure with its own custom certificate and key in parallel.
* Add brackets around a couple if-else clauses
* add begin(port) to esp8266webserver, move some strings to flash, some refactoring
* Moved more strings to flash, unified some strings
* move mimetable strings into a standalone file
* more string moves to flash, remove duplicates, refactor of template method, minor styling
* Reverted moving small string to flash (no heap advantage, reduces bin size)
The server needs to load an X509 and RSA key, but instead of using
the existing loadObject() calls implemented its own. Remove them and
use the standard ones instead.
The DEBUG_OUTPUT macro was undefined in the SSL Web server. Add it
in so that when you compile with DEBUG=HTTP_SERVER it actually compiles.
The certificate fingerprint included with the HTTPSRequest example seems
to be for an expired api.github.com certificate. Replace with the current
one to avoid reporting "certificate mismatch" errors when running.
When building using the new NDEBUG option recently added, the assert()
macro is defined to nothing. This leaves a few variables unused in the
WiFi stack causing compiler warnings. Add in empty casts to remove
these warnings. Does not affect actual assert use when NDEBUG is not
defined.
Adds SSL server mode for WiFiServerSecure, for plain SSL connections,
ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for
encrypted OTA updates.
Example code is provided for all new options, as well as a BASH script for
generating their own, self-signed certificates.
Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure
password-based authentication. HTTP Basic Authentication, the only supported
model presently, sends the username and password in *cleartext* and therefore
should *never* be used in any un-SSL encrypted channel unless you don't mind
sharing your login and password with anyone else on the internet. Even if the
ESP8266 is not safety critical, this cleartext broadcast could expose you should
you reuse this password elsewhere on your network or the internet.
* lib/Ticker: add bool active()
Makes it easier to self detach, and check if a timer is still operating.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
* Code cleanup Ticker.cpp
* Make HTTP server test data easier to examine
* Add HTTP server parameter tests containing & and =
* Fix URL parameter decoding in web server
The parameters string needs to be first split on & and =, and URL
decoding on parts done after that. Otherwise URL encoded & and = within
parameter names and values cause incorrect splitting.
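
The ordering issue described in the commit message above, as an added C++ example that is not the ESP8266WebServer code. The function names (`urlDecode`, `splitPairs`, `parseSplitThenDecode`, `parseDecodeThenSplit`) and the sample query string are constructed for illustration, and `+` is treated as a space as in form encoding.

```cpp
#include <iostream>
#include <map>
#include <string>

using Params = std::map<std::string, std::string>;

static int hexVal(char c) {  // value of one hex digit, or -1
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  // fold ASCII letters to lower case
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Percent-decode one component; malformed escapes are copied through unchanged.
std::string urlDecode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        int hi = (in[i] == '%' && i + 2 < in.size()) ? hexVal(in[i + 1]) : -1;
        int lo = hi >= 0 ? hexVal(in[i + 2]) : -1;
        if (lo >= 0) { out += static_cast<char>(hi * 16 + lo); i += 2; }
        else out += (in[i] == '+') ? ' ' : in[i];
    }
    return out;
}

// Split on '&' and on the first '=' of each pair; decode each part only if asked.
Params splitPairs(const std::string& query, bool decodeParts) {
    Params result;
    for (size_t pos = 0, amp; pos < query.size(); pos = amp + 1) {
        amp = query.find('&', pos);
        if (amp == std::string::npos) amp = query.size();
        std::string pair = query.substr(pos, amp - pos);
        if (pair.empty()) continue;
        size_t eq = pair.find('=');
        std::string name = pair.substr(0, eq);
        std::string value = eq == std::string::npos ? "" : pair.substr(eq + 1);
        result[decodeParts ? urlDecode(name) : name] = decodeParts ? urlDecode(value) : value;
    }
    return result;
}

// Order the commit message calls for: split the raw string, then decode the parts.
Params parseSplitThenDecode(const std::string& q) { return splitPairs(q, true); }
// Order it describes as broken: decode the whole string, then split.
Params parseDecodeThenSplit(const std::string& q) { return splitPairs(urlDecode(q), false); }

int main() {
    const std::string q = "title=Tom%26Jerry&a%3Db=1";  // constructed sample input
    for (const auto& kv : parseSplitThenDecode(q)) std::cout << "fixed:  " << kv.first << " => " << kv.second << "\n";
    for (const auto& kv : parseDecodeThenSplit(q)) std::cout << "broken: " << kv.first << " => " << kv.second << "\n";
}
```

With the constructed input, the fixed order yields two parameters (`title` = `Tom&Jerry`, `a=b` = `1`), while decoding first yields three, including a `Jerry` parameter that was never sent as a separate field.
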
axTLS does not correctly implement max_fragment_length extension. This
causes servers which understand this extension (currently GnuTLS- and
WolfSSL-based) to reject the client hello.
Until this is fixed in axTLS, remove the call to enable this extension
from WiFiClientSecure.
Fixes https://github.com/esp8266/Arduino/issues/3932.