mirror of https://github.com/esp8266/Arduino.git synced 2025-10-24 07:13:45 +03:00
Commit Graph

118 Commits

Author SHA1 Message Date
Earle F. Philhower, III
e3c970210f Add BearSSL client and server, support true bidir, lower memory, modern SSL (#4273)
BearSSL (https://www.bearssl.org) is a TLS(SSL) library written by
Thomas Pornin that is optimized for lower-memory embedded systems
like the ESP8266. It supports a wide variety of modern ciphers and
is unique in that it doesn't perform any memory allocations during
operation (which is the unfortunate bane of the current axTLS).

BearSSL is also absolutely focused on security and by default performs
all its security checks on x.509 certificates during the connection
phase (but if you want to be insecure and dangerous, that's possible
too).

While it does support unidirectional SSL buffers, like axTLS,
as implemented the ESP8266 wrappers only support bidirectional
buffers. These bidirectional buffers avoid deadlocks in protocols
which don't have well separated receive and transmit periods.

This patch adds several classes which allow connecting to TLS servers
using this library in almost the same way as axTLS:
BearSSL::WiFiClientSecure - WiFiClient that supports TLS
BearSSL::WiFiServerSecure - WiFiServer supporting TLS and client certs

It also introduces objects for PEM/DER encoded keys and certificates:
BearSSLX509List - x.509 Certificate (list) for general use
BearSSLPrivateKey - RSA or EC private key
BearSSLPublicKey - RSA or EC public key (i.e. from a public website)

Finally, it adds a Certificate Authority store object which lets
BearSSL access a set of trusted CA certificates on SPIFFS to allow it
to verify the identity of any remote site on the Internet, without
requiring RAM except for the single matching certificate.
CertStoreSPIFFSBearSSL - Certificate store utility

Client certificates are supported for the BearSSL::WiFiClientSecure, and
what's more the BearSSL::WiFiServerSecure can also *require* remote clients
to have a trusted certificate signed by a specific CA (or yourself with
self-signing CAs).

Maximum Fragment Length Negotiation probing and usage are supported, but
be aware that most sites on the Internet don't support it yet.  When
available, you can reduce the memory footprint of the SSL client or server
dramatically (i.e. down to 2-8KB vs. the ~22KB required for a full 16K
receive fragment and 512b send fragment).  You can also manually set a
smaller fragment size and guarantee at your protocol level all data will
fit within it.

Examples are included to show the usage of these new features.

axTLS has been moved to its own namespace, "axtls".  A default "using"
clause allows existing apps to run using axTLS without any changes.

The BearSSL::WiFi{client,server}Secure implements the axTLS
client/server API which lets many end user applications take advantage
of BearSSL with few or no changes.

The BearSSL static library used presently is stored at
https://github.com/earlephilhower/bearssl-esp8266 and can be built
using the standard ESP8266 toolchain.
2018-05-14 20:46:47 -07:00
Ivan Grokhotkov
61cd8d8385 examples: format all .ino files
This formats all the example source files using Arduino style rules.
2018-03-08 14:32:06 +08:00
Parham Alvani
332e059724 ESP8266HTTPClient: add digest authentication example (#4112) 2018-01-10 16:27:25 +08:00
Ivan Grokhotkov
237f7d9b18 ESP8266HTTPClient: allow changing connection timeout using setTimeout (#4038)
Call Client::setTimeout before connection to influence connection
timeout.

Closes https://github.com/esp8266/Arduino/issues/3451.
2017-12-27 23:53:31 -03:00
Christopher Liebman
db1cfc7772 handle empty uri
http.begin("http://www.google.com") yields an empty uri and makes a broken request "GET  HTTPi/1.1"
2017-12-26 19:14:14 +01:00
James Stanley
2abbc36da4 Put WiFi into station mode in examples (#3731) 2017-10-22 13:53:01 +08:00
Rémy HUBSCHER
ed20eb5b3e ESP8266HTTPClient: update library.properties (#3406) 2017-09-22 03:57:28 -05:00
Joe Todd
c9dc8e1717 ESP8266HTTPClient: Add PATCH request (#3590) 2017-09-22 03:52:13 -05:00
Trygve Laugstøl
2d9e767630 Fixing a few compiler warnings to allow compilation with -Wall -Wextra and -Werror. (#3153) 2017-05-08 04:56:08 -05:00
Albert J wong
c6c54e710f Use correct cast for downcasting reference.
For downcasting, static_cast<> is the appropriate cast. Using reinterpret_cast<> will NOT correctly adjust the `this` pointer and dereferencing such a value is undefined by spec. See [expr.reinterpret.cast]p7 for the relevant passage. The only legal use of this pointer is in another set of reinterpret_cast expressions that either land it into a numeric value, or back to the original type.
2017-01-05 11:36:56 -06:00
Allen Smith
4dd9fef491 Fixed PUT(String) method, it called POST in error
About the simplest change possible, just delete two characters and add one. The PUT(String) convenience method called the full POST method instead of calling the PUT method
2016-10-28 14:12:38 -04:00
Fabian Desoye
3fc3e9a99d Added PUT Request to HTTP Client (#2310)
* Added PUT Request to HTTP Client

* Replaced Tabstops with spaces
2016-07-26 18:23:38 +08:00
Ivan Grokhotkov
dd81336b79 ESP8266HTTPClient: fix duplicate Content-Length headers (#1902) 2016-06-03 16:11:44 +08:00
Ivan Grokhotkov
a26ec346b3 Merge pull request #2057 from scottfitzenrider/base64Authorization-strip-newlines
Update ESP8266HTTPClient.cpp
2016-06-01 11:04:43 +08:00
Hideki Shiro
2df4a0b426 allow HTTP header value without LWS. 2016-05-27 00:42:47 +09:00
scottfitzenrider
0ac37810ca Update ESP8266HTTPClient.cpp
The libb64 base64 library adds newlines to the base64 encoding of the encoded _base64Authorization String every 72 characters.  This causes problems with the Authorization: Basic HTTP header when the username and password are long.  The change strips out newlines from _base64Authorization right before the header is sent.
2016-05-25 15:07:14 -04:00
b-pas
74bd4f9200 include non-standard ports in Host: header 2016-05-07 10:56:24 -04:00
Ivan Grokhotkov
334837533f Add missing virtual destructor in TransportTraits (#1944) 2016-04-26 16:00:46 +08:00
Ivan Grokhotkov
76e322f2e7 Fix handling of chunked transfer encoding (#1975) 2016-04-26 15:58:12 +08:00
Ivan Grokhotkov
edaae2c194 HTTPClient: fix default port not being set 2016-04-25 21:03:39 +08:00
Ivan Grokhotkov
81d3bb3e3a Return error when HTTPClient::begin is called with HTTPS URL without certificate fingerprint (#1941) 2016-04-22 19:21:57 +08:00
Ivan Grokhotkov
84daa1a108 Add explicit cast (#1903) 2016-04-13 14:03:11 +03:00
Ivan Grokhotkov
46380003d5 Fix compilation when debug is enabled 2016-04-13 14:02:10 +03:00
Ivan Grokhotkov
a455f22587 HTTPClient, HTTPUpdate: save some RAM by moving strings into flash 2016-04-09 12:46:29 +03:00
Ivan Grokhotkov
bf7f33d918 Fix code formatting 2016-04-09 12:46:29 +03:00
Ivan Grokhotkov
bbc5e9ba01 Update library versions 2016-04-09 12:46:29 +03:00
Ivan Grokhotkov
cae4039225 HTTPClient: decouple transport layer handling 2016-04-09 12:46:29 +03:00
Ivan Grokhotkov
93d57fabe2 Remove overloads of HTTPClient::begin which take const char*
Since the data is stored as Strings internally, these methods do not serve as an optimisation
2016-04-09 12:46:29 +03:00
Markus Sattler
1060db94c2 handle possible deadlock in HTTP client see: #1520 2016-01-29 14:02:09 +01:00
Markus Sattler
27f1a63170 allow String for payload in HTTPclient sendRequest 2016-01-29 13:19:56 +01:00
Markus Sattler
4247b646bb Merge remote-tracking branch 'remotes/esp8266/master' 2016-01-16 14:01:19 +01:00
Markus Sattler
fb55e91118 fix #1368 2016-01-16 14:00:56 +01:00
Joost Jager
3d4e4f8cda Merge branch 'master' into my_changes_on_2.1.0-rc1 2016-01-12 21:26:09 +01:00
Joost Jager
ae1409125f Accept-Encoding missing comma added 2016-01-12 21:25:27 +01:00
Damian Peckett
ec1c90c545 Fix typo causing crash on missing uri scheme 2016-01-10 14:10:29 +11:00
Markus Sattler
2b23b005aa allow control of enabling debug and debug level from IDE 2016-01-02 12:25:39 +01:00
Markus Sattler
9b06b889c9 disable HTTP client debug 2015-12-31 17:10:38 +01:00
Markus Sattler
1ab74c1c76 add missing return HTTPC_ERROR_STREAM_WRITE 2015-12-31 15:02:53 +01:00
Markus Sattler
ef748e369a allow downgrade to HTTP 1.0
use HTTP/1.0 for update since the update handler does not support any transfer encoding
2015-12-31 14:02:00 +01:00
Markus Sattler
b828f34348 some docu 2015-12-31 12:16:22 +01:00
Markus Sattler
53287f4573 rework sendRequest stream too 2015-12-31 12:14:46 +01:00
Markus Sattler
bd7d915bcd rework error handling and detection
add retry for short write
remove compiler warnings
2015-12-31 12:00:26 +01:00
Markus Sattler
288e879a13 disable debug 2015-12-30 21:21:30 +01:00
Markus Sattler
cc0037682b add CHUNKED encoding support to http client (#1324)
HTTP Client - fix examples
increase default timeout to 5000ms
2015-12-30 21:20:43 +01:00
Denver Abrey
80857e3f87 Also set timeout on already existing connections 2015-12-27 20:02:08 +02:00
Denver Abrey
d1a6b32133 Allow setting TCP timeout 2015-12-27 19:45:17 +02:00
George Talusan
1e264047f9 better bytesWritten accounting in sendRequest and writeToStream 2015-12-23 11:29:59 -05:00
Markus Sattler
467da7c50f better error handling 2015-12-23 12:54:44 +01:00
Markus Sattler
b845d03b89 Merge remote-tracking branch 'remotes/esp8266/master' into httpClient 2015-12-23 12:50:19 +01:00
Ivan Grokhotkov
1c7b81660b Merge pull request #1289 from gtalusan/short_writes
handle short writes
2015-12-23 10:15:57 +03:00