BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created. Move them to the proper
namespace with the following mapping:
BearSSLX509List => BearSSL::X509List
BearSSLSession => BearSSL::Session
BearSSLPublicKey => BearSSL::PublicKey
BearSSLPrivateKey => BearSSL::PrivateKey
* update HTTPClient API usage
skip the second POST as end() has different semantics and nulls the client pointer
use bearssl in ssl tests
add delay in python side when shutting down http web server so MacOS does not complain about address already in use
* fix crash if GET/POST was called after end() without a new begin()
update double POST test to insure no crash if POST called after end()
test now are for both AxTLS and BearSSL
* fix small comment typo
The ISR could end up writing a 0 to a GPIO that had previously been
stopped, effectively overwriting user writes to those pins. Fix to
only actually disable and write when a pin was enabled and times out.
Fixes#5306
Apply patches developed by Sze Yiu Chau <schau@purdue.edu> which
correct a vulnerability in X509 parsing.
See CVE-2018-16150 and CVE-2018-16149 for more info.
CA certification validation was broken by a change put in during warning
cleanup a long time ago. This binary now includes the 1-line correction
and HTTPSRequestCACert now works again (before was failing
because the key usages in certs were not properly read).
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
* Removed unnecessary code
* Correcting bad fix for #5216
* Minor formatting to pass Travis tests
* Changed client * to std::unique_ptr<> client
* Updated example
Fix bug introduced by #5167 which replaced delay() by yield().
That should have been esp_yield() which is the one delay()
calls and is safe from either SYS or CONT contexts.
Fixes#5237.
* fix parseArgument
* remove recursion
* keep variable naming style consistent
* inviting Alexa
* fix alexa fix (well, trying...)
* fix pos substrings
key_end_pos--;
dont count down here, it will cut of every key by -1 ("save" will be "sav") (substring (end = up to, but not including, so no need to -1)
Parsing cpp L329
arg.value = urlDecode(data.substring(equal_index + 1, next_index - 1));
=> -1 is too less for substring (substring (end = up to, but not including, so no need to -1)
* alexa invite: add workaround for malformed x-www-form-urlencoded
* when !form, alway add content in key "plain"
* fix memleak
* parse arguments: use functors
* cleaning
* Make stopWaveform call interrupt callable
Match the behavior of pre-2.4.2 PWM by allowing stopWaveform to be
called from an interrupt.
Fixes#5247
* Move to O2, save ~500 bytes of code
The actual runtime difference of -O2 vs -O3 is quite small, but -O3
takes ~500 more bytes of code (~300 more in IRAM, ~200 more in PMEM).
* Update debugging.rst
PLEASE REVIEW
The current link definitely points to the wrong line, where there's nothing remotely resembling a list of DEBUG_ESP_* definitions. There's not an actual "full list" in the whole boards.txt really, but this is the closest thing that can be found in that file.
Some additional explanation is needed though, unless there is an actual list somewhere else.
* Update debugging.rst
requested change
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
Allow the unused stack to be reset to the check value at any time in
the application, allowing for delta-stack calculations to be done.
Add ESP.resetFreeContStack() class method for general use.
Add in some dumping in the BearSSL_Validation example to show the
usage for those that care.
* update to lwIP-2.1.0rc1: partial SACK support
fix#4176
* hash fix
* get some flash back due to mistake in conf (fragmentation & reassembly was incorrectly enabled)
(ahah I scared you)
* add missing include files
* update to lwip-2.1.0(release) + remove unused lwIP's include files
* lwIP release 2.1.0, SACK is now default, bigger, no-SACK is selectable
* fix ldscript
* pio
* rename 'sack' option to 'feat'ure option, + IP fragmentation/reassembly
* merge, fix pio
* change internal/hidden string
* pio: more lwip2 configuration: + without sack for no change in flash footprint
* fwupdate
* fw update to latest version:
WPA working, WEP+Open disabled by default. Need API change.
* helpers to follow sdk updates
* remove compare scripts - made a separate PR for them
* add wep api, restore original espressif comment (wep enabled does not prevent wpa)
* libmain was not up to date
* experimental: DTIM setting in WiFi.setSleepMode(WIFI_LIGHT/MODEM_SLEEP, DTIM-value)
with new getter: .getListenInterval() / .isSleepLevelMax()
* fixes
* fix debug message
* when not using listenInterval, set wifi sleep level to min
* update documentation
* update doc
Make HTTPClient take a WiFiClient parameter, allowing you to pass in a
simple HTTP WiFiClient or a BearSSL or axTLS WiFiClientSecure with
any desired verification options. Deprecate the older, TLSTraits methods.
Add basic HttpsClient example.
Add optional LED feedback to the Update class
This speeds up the ESP8266WebServer::streamFile more than 3 times. Tested on streaming the 800+ Kb file from SD (FAT32), average time without a fix was 9000 ms, with the fix is 2600 ms (maximal possible SPI speed used), which is as fast as streaming the same file from internal SPIFFS. Hardware: WeMos D1 mini.
If the server returns several headers of the same key (e.g Set-Cookie) only the last one is returned, causing issues in communicating with some servers where cookies are required.
This change concatenates the headers of the same key separated by "," to alleviate this issue.
Print a warning when in debug mode when a BearSSL connection tries to
connect without having any defined authentication methods, since it will
fail.
Completely remove the empty axTLS compatibilty method
"::verify(char *fp, char *name)" because it can't be done w/BearSSL w/o
user code changes, and always failed. Better to have a compile failure
when we know at compile time the app won't do what is expected.
Completes the changes started by @d-a-v in PR #4833
Add a method allowing a user to send in a character string for the
fingerprint, like axTLS supported.
Implements part of PR #4833 from @d-a-v with changes requested in
discussion.
* Revert "Make softAP documentation state the correct min value (0) for the max_connection argument. (#5165)"
This reverts commit 24a1d22730685e20c7f506574d28c90af567c439.
* Revert "Wrong directory for installation?? (#5163)"
This reverts commit d547c4766780f5a9af4a6cbda42cab790de745bc.
* Update README.md
Specify Linux dir for using git
PLEASE REVIEW, I'm not completely sure, but on Linux there's no `hardware` directory inside `Java`, and it doesn't seem to make sense that there should be on MacOS. There is, instead, a `hardware` directory in the parent.
The BearSSL second stack, once allocated, was never deallocated. The
reference count of the stack pointer never hit 0 due to the initial
creation counting as one. Now, check to see if there is only one use_count
and if so then delete the stack.
SSL Sessions enable most of the SSL handshake to be skipped when both
client and server agree to use them. Add a BearSSLSession class and
an optional setting to the SSL client to enable this.
Note that SSL sessions are unrelated to HTTP sessions. They are
ephemeral and only relate to the SSL parameters, not anything at
the HTTP protocol level.
The cipher list count/pointer was cleared separately in the three
constructors available. Move this reset to _clear() to reduce code
duplication and keep the semantics.
